[DEBUG ] Reading configuration from /etc/salt/minion [DEBUG ] Using cached minion ID from /etc/salt/minion_id: ubuntu # [DEBUG ] Configuration file path: /etc/salt/minion # [WARNING ] Insecure logging configuration detected! Sensitive data may be logged. # [DEBUG ] Reading configuration from /etc/salt/minion # [DEBUG ] Please install 'virt-what' to improve results of the 'virtual' grain. # [DEBUG ] Determining pillar cache # [DEBUG ] LazyLoaded jinja.render # [DEBUG ] LazyLoaded yaml.render # [DEBUG ] LazyLoaded jinja.render # [DEBUG ] LazyLoaded yaml.render # [DEBUG ] LazyLoaded state.apply # [DEBUG ] LazyLoaded saltutil.is_running # [DEBUG ] LazyLoaded grains.get # [DEBUG ] LazyLoaded roots.envs # [DEBUG ] Could not LazyLoad roots.init: 'roots.init' is not available. # [DEBUG ] Updating roots fileserver cache # [INFO ] Loading fresh modules for state activity # [DEBUG ] LazyLoaded jinja.render # [DEBUG ] LazyLoaded yaml.render # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/vm.sls' to resolve 'salt://sift/vm.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/vm.sls' to resolve 'salt://sift/vm.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/vm.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/vm.sls' using 'jinja' renderer: 0.00399684906006 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/vm.sls: include: - sift.repos - sift.packages - sift.python-packages - sift.tools - sift.scripts - sift.config sift-version-file: file.managed: - name: /etc/sift-version - source: salt://VERSION - user: root - group: root - require: - sls: sift.repos - sls: sift.packages - sls: sift.python-packages - sls: sift.tools - sls: sift.scripts - sls: sift.config # [DEBUG ] LazyLoaded config.get # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.repos', 'sift.packages', 'sift.python-packages', 'sift.tools', 'sift.scripts', 'sift.config']), ('sift-version-file', OrderedDict([('file.managed', [OrderedDict([('name', '/etc/sift-version')]), OrderedDict([('source', 'salt://VERSION')]), OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.repos')]), OrderedDict([('sls', 'sift.packages')]), OrderedDict([('sls', 'sift.python-packages')]), OrderedDict([('sls', 'sift.tools')]), OrderedDict([('sls', 'sift.scripts')]), OrderedDict([('sls', 'sift.config')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/vm.sls' using 'yaml' renderer: 0.00670289993286 # [DEBUG ] Could not find file 'salt://sift/repos.sls' in saltenv 'base' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/repos/init.sls' to resolve 'salt://sift/repos/init.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/repos/init.sls' to resolve 'salt://sift/repos/init.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/repos/init.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/init.sls' using 'jinja' renderer: 0.000941038131714 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/repos/init.sls: include: - sift.repos.docker - sift.repos.gift - sift.repos.sift - sift.repos.openjdk - sift.repos.ubuntu-multiverse - sift.repos.ubuntu-universe - sift.repos.ubuntu-tweak sift-repos: test.nop: - name: sift-repos - require: - sls: sift.repos.docker - sls: sift.repos.gift - sls: sift.repos.sift - sls: sift.repos.openjdk - sls: sift.repos.ubuntu-multiverse - sls: sift.repos.ubuntu-universe - sls: sift.repos.ubuntu-tweak # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.repos.docker', 'sift.repos.gift', 'sift.repos.sift', 'sift.repos.openjdk', 'sift.repos.ubuntu-multiverse', 'sift.repos.ubuntu-universe', 'sift.repos.ubuntu-tweak']), ('sift-repos', OrderedDict([('test.nop', [OrderedDict([('name', 'sift-repos')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.repos.docker')]), OrderedDict([('sls', 'sift.repos.gift')]), OrderedDict([('sls', 'sift.repos.sift')]), OrderedDict([('sls', 'sift.repos.openjdk')]), OrderedDict([('sls', 'sift.repos.ubuntu-multiverse')]), OrderedDict([('sls', 'sift.repos.ubuntu-universe')]), OrderedDict([('sls', 'sift.repos.ubuntu-tweak')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/init.sls' using 'yaml' renderer: 0.00341892242432 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/repos/docker.sls' to resolve 'salt://sift/repos/docker.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/repos/docker.sls' to resolve 'salt://sift/repos/docker.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/repos/docker.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/docker.sls' using 'jinja' renderer: 0.00152897834778 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/repos/docker.sls: include: - ..packages.python-software-properties - ..packages.apt-transport-https sift-docker-repo: pkgrepo.managed: - humanname: Docker - name: deb https://apt.dockerproject.org/repo ubuntu-xenial main - dist: ubuntu-xenial - file: /etc/apt/sources.list.d/docker.list - keyid: 58118E89F3A912897C070ADBF76221572C52609D - keyserver: hkp://p80.pool.sks-keyservers.net:80 - refresh_db: true - require: - pkg: python-software-properties - pkg: apt-transport-https # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-software-properties', '..packages.apt-transport-https']), ('sift-docker-repo', OrderedDict([('pkgrepo.managed', [OrderedDict([('humanname', 'Docker')]), OrderedDict([('name', 'deb https://apt.dockerproject.org/repo ubuntu-xenial main')]), OrderedDict([('dist', 'ubuntu-xenial')]), OrderedDict([('file', '/etc/apt/sources.list.d/docker.list')]), OrderedDict([('keyid', '58118E89F3A912897C070ADBF76221572C52609D')]), OrderedDict([('keyserver', 'hkp://p80.pool.sks-keyservers.net:80')]), OrderedDict([('refresh_db', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-software-properties')]), OrderedDict([('pkg', 'apt-transport-https')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/docker.sls' using 'yaml' renderer: 0.00366711616516 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-software-properties.sls' to resolve 'salt://sift/packages/python-software-properties.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-software-properties.sls' to resolve 'salt://sift/packages/python-software-properties.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-software-properties.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-software-properties.sls' using 'jinja' renderer: 0.000817060470581 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-software-properties.sls: python-software-properties: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('python-software-properties', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-software-properties.sls' using 'yaml' renderer: 0.000555992126465 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/apt-transport-https.sls' to resolve 'salt://sift/packages/apt-transport-https.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/apt-transport-https.sls' to resolve 'salt://sift/packages/apt-transport-https.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/apt-transport-https.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/apt-transport-https.sls' using 'jinja' renderer: 0.00065803527832 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/apt-transport-https.sls: apt-transport-https: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('apt-transport-https', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/apt-transport-https.sls' using 'yaml' renderer: 0.000492095947266 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/repos/gift.sls' to resolve 'salt://sift/repos/gift.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/repos/gift.sls' to resolve 'salt://sift/repos/gift.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/repos/gift.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [DEBUG ] LazyLoaded pillar.get # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/gift.sls' using 'jinja' renderer: 0.00314593315125 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/repos/gift.sls: include: - ..packages.python-software-properties sift-gift-dev: pkgrepo.absent: - ppa: gift/dev - require_in: - pkgrepo: sift-gift-repo sift-gift-repo: pkgrepo.managed: - name: gift - ppa: gift/stable - refresh_db: true - require: - pkg: python-software-properties # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-software-properties']), ('sift-gift-dev', OrderedDict([('pkgrepo.absent', [OrderedDict([('ppa', 'gift/dev')]), OrderedDict([('require_in', [OrderedDict([('pkgrepo', 'sift-gift-repo')])])])])])), ('sift-gift-repo', OrderedDict([('pkgrepo.managed', [OrderedDict([('name', 'gift')]), OrderedDict([('ppa', 'gift/stable')]), OrderedDict([('refresh_db', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-software-properties')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/gift.sls' using 'yaml' renderer: 0.00294494628906 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/repos/sift.sls' to resolve 'salt://sift/repos/sift.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/repos/sift.sls' to resolve 'salt://sift/repos/sift.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/repos/sift.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/sift.sls' using 'jinja' renderer: 0.00259113311768 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/repos/sift.sls: include: - sift.packages.python-software-properties sift-dev: pkgrepo.absent: - ppa: sift/dev - require_in: - pkgrepo: sift-repo sift-repo: pkgrepo.managed: - ppa: sift/stable - refresh_db: true - require: - pkg: python-software-properties # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.packages.python-software-properties']), ('sift-dev', OrderedDict([('pkgrepo.absent', [OrderedDict([('ppa', 'sift/dev')]), OrderedDict([('require_in', [OrderedDict([('pkgrepo', 'sift-repo')])])])])])), ('sift-repo', OrderedDict([('pkgrepo.managed', [OrderedDict([('ppa', 'sift/stable')]), OrderedDict([('refresh_db', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-software-properties')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/sift.sls' using 'yaml' renderer: 0.0026969909668 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/repos/openjdk.sls' to resolve 'salt://sift/repos/openjdk.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/repos/openjdk.sls' to resolve 'salt://sift/repos/openjdk.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/repos/openjdk.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/openjdk.sls' using 'jinja' renderer: 0.00071382522583 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/repos/openjdk.sls: include: - ..packages.python-software-properties openjdk-repo: pkgrepo.managed: - ppa: openjdk-r/ppa - refresh_db: true - require: - pkg: python-software-properties # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-software-properties']), ('openjdk-repo', OrderedDict([('pkgrepo.managed', [OrderedDict([('ppa', 'openjdk-r/ppa')]), OrderedDict([('refresh_db', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-software-properties')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/openjdk.sls' using 'yaml' renderer: 0.00192189216614 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/repos/ubuntu-multiverse.sls' to resolve 'salt://sift/repos/ubuntu-multiverse.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/repos/ubuntu-multiverse.sls' to resolve 'salt://sift/repos/ubuntu-multiverse.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/repos/ubuntu-multiverse.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/ubuntu-multiverse.sls' using 'jinja' renderer: 0.00157499313354 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/repos/ubuntu-multiverse.sls: sift-multiverse-repo: pkgrepo.managed: - name: deb http://archive.ubuntu.com/ubuntu/ xenial multiverse - refresh_db: true sift-multiverse-repo-security: pkgrepo.managed: - name: deb http://archive.ubuntu.com/ubuntu/ xenial-security multiverse - refresh_db: true # [DEBUG ] Results of YAML rendering: OrderedDict([('sift-multiverse-repo', OrderedDict([('pkgrepo.managed', [OrderedDict([('name', 'deb http://archive.ubuntu.com/ubuntu/ xenial multiverse')]), OrderedDict([('refresh_db', True)])])])), ('sift-multiverse-repo-security', OrderedDict([('pkgrepo.managed', [OrderedDict([('name', 'deb http://archive.ubuntu.com/ubuntu/ xenial-security multiverse')]), OrderedDict([('refresh_db', True)])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/ubuntu-multiverse.sls' using 'yaml' renderer: 0.00206804275513 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/repos/ubuntu-universe.sls' to resolve 'salt://sift/repos/ubuntu-universe.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/repos/ubuntu-universe.sls' to resolve 'salt://sift/repos/ubuntu-universe.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/repos/ubuntu-universe.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/ubuntu-universe.sls' using 'jinja' renderer: 0.00284385681152 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/repos/ubuntu-universe.sls: sift-universe-repo: pkgrepo.managed: - name: deb http://archive.ubuntu.com/ubuntu/ xenial universe - refresh_db: true # [DEBUG ] Results of YAML rendering: OrderedDict([('sift-universe-repo', OrderedDict([('pkgrepo.managed', [OrderedDict([('name', 'deb http://archive.ubuntu.com/ubuntu/ xenial universe')]), OrderedDict([('refresh_db', True)])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/ubuntu-universe.sls' using 'yaml' renderer: 0.00115585327148 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/repos/ubuntu-tweak.sls' to resolve 'salt://sift/repos/ubuntu-tweak.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/repos/ubuntu-tweak.sls' to resolve 'salt://sift/repos/ubuntu-tweak.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/repos/ubuntu-tweak.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/ubuntu-tweak.sls' using 'jinja' renderer: 0.00156998634338 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/repos/ubuntu-tweak.sls: ubuntutweak: test.nop: - name: ubuntutweak # [DEBUG ] Results of YAML rendering: OrderedDict([('ubuntutweak', OrderedDict([('test.nop', [OrderedDict([('name', 'ubuntutweak')])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/ubuntu-tweak.sls' using 'yaml' renderer: 0.000845193862915 # [DEBUG ] Could not find file 'salt://sift/packages.sls' in saltenv 'base' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/init.sls' to resolve 'salt://sift/packages/init.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/init.sls' to resolve 'salt://sift/packages/init.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/init.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/init.sls' using 'jinja' renderer: 0.00567197799683 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/init.sls: include: - sift.packages.absent - sift.packages.aeskeyfind - sift.packages.afflib-tools - sift.packages.afterglow - sift.packages.aircrack-ng - sift.packages.apache2 - sift.packages.arp-scan - sift.packages.autopsy - sift.packages.bcrypt - sift.packages.bitpim - sift.packages.bitpim-lib - sift.packages.bkhive - sift.packages.bless - sift.packages.blt - sift.packages.build-essential - sift.packages.bulk-extractor - sift.packages.cabextract - sift.packages.ccrypt - sift.packages.cifs-utils - sift.packages.clamav - sift.packages.cmospwd - sift.packages.cryptcat - sift.packages.cryptsetup - sift.packages.curl - sift.packages.dc3dd - sift.packages.dcfldd - sift.packages.dconf-tools - sift.packages.docker-engine - sift.packages.driftnet - sift.packages.dsniff - sift.packages.dumbpig - sift.packages.e2fslibs-dev - sift.packages.ent - sift.packages.epic5 - sift.packages.etherape - sift.packages.ettercap-graphical - sift.packages.exfat-fuse - sift.packages.exfat-utils - sift.packages.exif - sift.packages.extundelete - sift.packages.fdupes - sift.packages.feh - sift.packages.flasm - sift.packages.flex - sift.packages.foremost - sift.packages.g++ - sift.packages.gawk - sift.packages.gcc - sift.packages.gdb - sift.packages.gddrescue - sift.packages.ghex - sift.packages.git - sift.packages.graphviz - sift.packages.gthumb - sift.packages.gzrt - sift.packages.hexedit - sift.packages.htop - sift.packages.hydra - sift.packages.hydra-gtk - sift.packages.ipython - sift.packages.jq - sift.packages.kdiff3 - sift.packages.knocker - sift.packages.kpartx - sift.packages.lft - sift.packages.libafflib-dev - sift.packages.libafflib - sift.packages.libbde - sift.packages.libbde-tools - sift.packages.libesedb - sift.packages.libesedb-tools - sift.packages.libevt - sift.packages.libevt-tools - sift.packages.libevtx - sift.packages.libevtx-tools - sift.packages.libewf - sift.packages.libewf-dev - sift.packages.libewf-python - sift.packages.libewf-tools - sift.packages.libffi-dev - sift.packages.libfuse-dev - sift.packages.libfvde - sift.packages.libfvde-tools - sift.packages.liblightgrep - sift.packages.libmsiecf - sift.packages.libncurses - sift.packages.libnet1 - sift.packages.libolecf - sift.packages.libparse-win32registry-perl - sift.packages.libpff - sift.packages.libpff-dev - sift.packages.libpff-python - sift.packages.libpff-tools - sift.packages.libplist-utils - sift.packages.libregf - sift.packages.libregf-dev - sift.packages.libregf-python - sift.packages.libregf-tools - sift.packages.libssl-dev - sift.packages.libtext-csv-perl - sift.packages.libvmdk - sift.packages.libvshadow - sift.packages.libvshadow-dev - sift.packages.libvshadow-python - sift.packages.libvshadow-tools - sift.packages.libxml2-dev - sift.packages.libxslt-dev - sift.packages.md5deep - sift.packages.nbd-client - sift.packages.nbtscan - sift.packages.netcat - sift.packages.netpbm - sift.packages.netsed - sift.packages.netwox - sift.packages.nfdump - sift.packages.ngrep - sift.packages.nikto - sift.packages.okular - sift.packages.open-iscsi - sift.packages.openjdk - sift.packages.ophcrack - sift.packages.ophcrack-cli - sift.packages.outguess - sift.packages.p0f - sift.packages.p7zip-full - sift.packages.pdftk - sift.packages.perl - sift.packages.pev - sift.packages.phonon - sift.packages.pkg-config - sift.packages.powershell - sift.packages.pv - sift.packages.pyew - sift.packages.pyew - sift.packages.python - sift.packages.python-dev - sift.packages.python-dfvfs - sift.packages.python-flowgrep - sift.packages.python-fuse - sift.packages.python-nids - sift.packages.python-ntdsxtract - sift.packages.python-pefile - sift.packages.python-pip - sift.packages.python-plaso - sift.packages.python-pytsk3 - sift.packages.python-qt4 - sift.packages.python-tk - sift.packages.python-virtualenv - sift.packages.python-volatility - sift.packages.python-yara - sift.packages.qemu - sift.packages.qemu-utils - sift.packages.radare2 - sift.packages.rar - sift.packages.readpst - sift.packages.rsakeyfind - sift.packages.safecopy - sift.packages.samba - sift.packages.samdump2 - sift.packages.scalpel - sift.packages.sleuthkit - sift.packages.socat - sift.packages.ssdeep - sift.packages.ssldump - sift.packages.sslsniff - sift.packages.stunnel4 - sift.packages.system-config-samba - sift.packages.tcl - sift.packages.tcpflow - sift.packages.tcpick - sift.packages.tcpreplay - sift.packages.tcpslice - sift.packages.tcpstat - sift.packages.tcptrace - sift.packages.tcptrack - sift.packages.tcpxtract - sift.packages.testdisk - sift.packages.tofrodos - sift.packages.transmission - sift.packages.unity-control-center - sift.packages.unrar - sift.packages.upx-ucl - sift.packages.vbindiff - sift.packages.vim - sift.packages.virtuoso-minimal - sift.packages.vmfs-tools - sift.packages.winbind - sift.packages.wine - sift.packages.wireshark - sift.packages.xdot - sift.packages.xfsprogs - sift.packages.xmount - sift.packages.xpdf - sift.packages.zenity sift-packages: test.nop: - name: sift-packages - require: - sls: sift.packages.aeskeyfind - sls: sift.packages.afflib-tools - sls: sift.packages.afterglow - sls: sift.packages.aircrack-ng - sls: sift.packages.apache2 - sls: sift.packages.arp-scan - sls: sift.packages.autopsy - sls: sift.packages.bcrypt - sls: sift.packages.bitpim - sls: sift.packages.bitpim-lib - sls: sift.packages.bkhive - sls: sift.packages.bless - sls: sift.packages.blt - sls: sift.packages.build-essential - sls: sift.packages.bulk-extractor - sls: sift.packages.cabextract - sls: sift.packages.ccrypt - sls: sift.packages.cifs-utils - sls: sift.packages.clamav - sls: sift.packages.cmospwd - sls: sift.packages.cryptcat - sls: sift.packages.cryptsetup - sls: sift.packages.curl - sls: sift.packages.dc3dd - sls: sift.packages.dcfldd - sls: sift.packages.dconf-tools - sls: sift.packages.docker-engine - sls: sift.packages.driftnet - sls: sift.packages.dsniff - sls: sift.packages.dumbpig - sls: sift.packages.e2fslibs-dev - sls: sift.packages.ent - sls: sift.packages.epic5 - sls: sift.packages.etherape - sls: sift.packages.ettercap-graphical - sls: sift.packages.exfat-fuse - sls: sift.packages.exfat-utils - sls: sift.packages.exif - sls: sift.packages.extundelete - sls: sift.packages.fdupes - sls: sift.packages.feh - sls: sift.packages.flasm - sls: sift.packages.flex - sls: sift.packages.foremost - sls: sift.packages.g++ - sls: sift.packages.gawk - sls: sift.packages.gcc - sls: sift.packages.gdb - sls: sift.packages.gddrescue - sls: sift.packages.ghex - sls: sift.packages.git - sls: sift.packages.graphviz - sls: sift.packages.gthumb - sls: sift.packages.gzrt - sls: sift.packages.hexedit - sls: sift.packages.htop - sls: sift.packages.hydra - sls: sift.packages.hydra-gtk - sls: sift.packages.ipython - sls: sift.packages.jq - sls: sift.packages.kdiff3 - sls: sift.packages.knocker - sls: sift.packages.kpartx - sls: sift.packages.lft - sls: sift.packages.libafflib-dev - sls: sift.packages.libafflib - sls: sift.packages.libbde - sls: sift.packages.libbde-tools - sls: sift.packages.libesedb - sls: sift.packages.libesedb-tools - sls: sift.packages.libevt - sls: sift.packages.libevt-tools - sls: sift.packages.libevtx - sls: sift.packages.libevtx-tools - sls: sift.packages.libewf - sls: sift.packages.libewf-dev - sls: sift.packages.libewf-python - sls: sift.packages.libewf-tools - sls: sift.packages.libffi-dev - sls: sift.packages.libfuse-dev - sls: sift.packages.libfvde - sls: sift.packages.libfvde-tools - sls: sift.packages.liblightgrep - sls: sift.packages.libmsiecf - sls: sift.packages.libncurses - sls: sift.packages.libnet1 - sls: sift.packages.libolecf - sls: sift.packages.libparse-win32registry-perl - sls: sift.packages.libpff - sls: sift.packages.libpff-dev - sls: sift.packages.libpff-python - sls: sift.packages.libpff-tools - sls: sift.packages.libplist-utils - sls: sift.packages.libregf - sls: sift.packages.libregf-dev - sls: sift.packages.libregf-python - sls: sift.packages.libregf-tools - sls: sift.packages.libssl-dev - sls: sift.packages.libtext-csv-perl - sls: sift.packages.libvmdk - sls: sift.packages.libvshadow - sls: sift.packages.libvshadow-dev - sls: sift.packages.libvshadow-python - sls: sift.packages.libvshadow-tools - sls: sift.packages.libxml2-dev - sls: sift.packages.libxslt-dev - sls: sift.packages.md5deep - sls: sift.packages.nbd-client - sls: sift.packages.nbtscan - sls: sift.packages.netcat - sls: sift.packages.netpbm - sls: sift.packages.netsed - sls: sift.packages.netwox - sls: sift.packages.nfdump - sls: sift.packages.ngrep - sls: sift.packages.nikto - sls: sift.packages.okular - sls: sift.packages.open-iscsi - sls: sift.packages.openjdk - sls: sift.packages.ophcrack - sls: sift.packages.ophcrack-cli - sls: sift.packages.outguess - sls: sift.packages.p0f - sls: sift.packages.p7zip-full - sls: sift.packages.pdftk - sls: sift.packages.perl - sls: sift.packages.pev - sls: sift.packages.phonon - sls: sift.packages.pkg-config - sls: sift.packages.powershell - sls: sift.packages.pv - sls: sift.packages.pyew - sls: sift.packages.pyew - sls: sift.packages.python - sls: sift.packages.python-dev - sls: sift.packages.python-dfvfs - sls: sift.packages.python-flowgrep - sls: sift.packages.python-fuse - sls: sift.packages.python-nids - sls: sift.packages.python-ntdsxtract - sls: sift.packages.python-pefile - sls: sift.packages.python-pip - sls: sift.packages.python-plaso - sls: sift.packages.python-pytsk3 - sls: sift.packages.python-qt4 - sls: sift.packages.python-tk - sls: sift.packages.python-virtualenv - sls: sift.packages.python-volatility - sls: sift.packages.python-yara - sls: sift.packages.qemu - sls: sift.packages.qemu-utils - sls: sift.packages.radare2 - sls: sift.packages.rar - sls: sift.packages.readpst - sls: sift.packages.rsakeyfind - sls: sift.packages.safecopy - sls: sift.packages.samba - sls: sift.packages.samdump2 - sls: sift.packages.scalpel - sls: sift.packages.sleuthkit - sls: sift.packages.socat - sls: sift.packages.ssdeep - sls: sift.packages.ssldump - sls: sift.packages.sslsniff - sls: sift.packages.stunnel4 - sls: sift.packages.system-config-samba - sls: sift.packages.tcl - sls: sift.packages.tcpflow - sls: sift.packages.tcpick - sls: sift.packages.tcpreplay - sls: sift.packages.tcpslice - sls: sift.packages.tcpstat - sls: sift.packages.tcptrace - sls: sift.packages.tcptrack - sls: sift.packages.tcpxtract - sls: sift.packages.testdisk - sls: sift.packages.tofrodos - sls: sift.packages.transmission - sls: sift.packages.unity-control-center - sls: sift.packages.unrar - sls: sift.packages.upx-ucl - sls: sift.packages.vbindiff - sls: sift.packages.vim - sls: sift.packages.virtuoso-minimal - sls: sift.packages.vmfs-tools - sls: sift.packages.winbind - sls: sift.packages.wine - sls: sift.packages.wireshark - sls: sift.packages.xdot - sls: sift.packages.xfsprogs - sls: sift.packages.xmount - sls: sift.packages.xpdf - sls: sift.packages.zenity # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.packages.absent', 'sift.packages.aeskeyfind', 'sift.packages.afflib-tools', 'sift.packages.afterglow', 'sift.packages.aircrack-ng', 'sift.packages.apache2', 'sift.packages.arp-scan', 'sift.packages.autopsy', 'sift.packages.bcrypt', 'sift.packages.bitpim', 'sift.packages.bitpim-lib', 'sift.packages.bkhive', 'sift.packages.bless', 'sift.packages.blt', 'sift.packages.build-essential', 'sift.packages.bulk-extractor', 'sift.packages.cabextract', 'sift.packages.ccrypt', 'sift.packages.cifs-utils', 'sift.packages.clamav', 'sift.packages.cmospwd', 'sift.packages.cryptcat', 'sift.packages.cryptsetup', 'sift.packages.curl', 'sift.packages.dc3dd', 'sift.packages.dcfldd', 'sift.packages.dconf-tools', 'sift.packages.docker-engine', 'sift.packages.driftnet', 'sift.packages.dsniff', 'sift.packages.dumbpig', 'sift.packages.e2fslibs-dev', 'sift.packages.ent', 'sift.packages.epic5', 'sift.packages.etherape', 'sift.packages.ettercap-graphical', 'sift.packages.exfat-fuse', 'sift.packages.exfat-utils', 'sift.packages.exif', 'sift.packages.extundelete', 'sift.packages.fdupes', 'sift.packages.feh', 'sift.packages.flasm', 'sift.packages.flex', 'sift.packages.foremost', 'sift.packages.g++', 'sift.packages.gawk', 'sift.packages.gcc', 'sift.packages.gdb', 'sift.packages.gddrescue', 'sift.packages.ghex', 'sift.packages.git', 'sift.packages.graphviz', 'sift.packages.gthumb', 'sift.packages.gzrt', 'sift.packages.hexedit', 'sift.packages.htop', 'sift.packages.hydra', 'sift.packages.hydra-gtk', 'sift.packages.ipython', 'sift.packages.jq', 'sift.packages.kdiff3', 'sift.packages.knocker', 'sift.packages.kpartx', 'sift.packages.lft', 'sift.packages.libafflib-dev', 'sift.packages.libafflib', 'sift.packages.libbde', 'sift.packages.libbde-tools', 'sift.packages.libesedb', 'sift.packages.libesedb-tools', 'sift.packages.libevt', 'sift.packages.libevt-tools', 'sift.packages.libevtx', 'sift.packages.libevtx-tools', 'sift.packages.libewf', 'sift.packages.libewf-dev', 'sift.packages.libewf-python', 'sift.packages.libewf-tools', 'sift.packages.libffi-dev', 'sift.packages.libfuse-dev', 'sift.packages.libfvde', 'sift.packages.libfvde-tools', 'sift.packages.liblightgrep', 'sift.packages.libmsiecf', 'sift.packages.libncurses', 'sift.packages.libnet1', 'sift.packages.libolecf', 'sift.packages.libparse-win32registry-perl', 'sift.packages.libpff', 'sift.packages.libpff-dev', 'sift.packages.libpff-python', 'sift.packages.libpff-tools', 'sift.packages.libplist-utils', 'sift.packages.libregf', 'sift.packages.libregf-dev', 'sift.packages.libregf-python', 'sift.packages.libregf-tools', 'sift.packages.libssl-dev', 'sift.packages.libtext-csv-perl', 'sift.packages.libvmdk', 'sift.packages.libvshadow', 'sift.packages.libvshadow-dev', 'sift.packages.libvshadow-python', 'sift.packages.libvshadow-tools', 'sift.packages.libxml2-dev', 'sift.packages.libxslt-dev', 'sift.packages.md5deep', 'sift.packages.nbd-client', 'sift.packages.nbtscan', 'sift.packages.netcat', 'sift.packages.netpbm', 'sift.packages.netsed', 'sift.packages.netwox', 'sift.packages.nfdump', 'sift.packages.ngrep', 'sift.packages.nikto', 'sift.packages.okular', 'sift.packages.open-iscsi', 'sift.packages.openjdk', 'sift.packages.ophcrack', 'sift.packages.ophcrack-cli', 'sift.packages.outguess', 'sift.packages.p0f', 'sift.packages.p7zip-full', 'sift.packages.pdftk', 'sift.packages.perl', 'sift.packages.pev', 'sift.packages.phonon', 'sift.packages.pkg-config', 'sift.packages.powershell', 'sift.packages.pv', 'sift.packages.pyew', 'sift.packages.pyew', 'sift.packages.python', 'sift.packages.python-dev', 'sift.packages.python-dfvfs', 'sift.packages.python-flowgrep', 'sift.packages.python-fuse', 'sift.packages.python-nids', 'sift.packages.python-ntdsxtract', 'sift.packages.python-pefile', 'sift.packages.python-pip', 'sift.packages.python-plaso', 'sift.packages.python-pytsk3', 'sift.packages.python-qt4', 'sift.packages.python-tk', 'sift.packages.python-virtualenv', 'sift.packages.python-volatility', 'sift.packages.python-yara', 'sift.packages.qemu', 'sift.packages.qemu-utils', 'sift.packages.radare2', 'sift.packages.rar', 'sift.packages.readpst', 'sift.packages.rsakeyfind', 'sift.packages.safecopy', 'sift.packages.samba', 'sift.packages.samdump2', 'sift.packages.scalpel', 'sift.packages.sleuthkit', 'sift.packages.socat', 'sift.packages.ssdeep', 'sift.packages.ssldump', 'sift.packages.sslsniff', 'sift.packages.stunnel4', 'sift.packages.system-config-samba', 'sift.packages.tcl', 'sift.packages.tcpflow', 'sift.packages.tcpick', 'sift.packages.tcpreplay', 'sift.packages.tcpslice', 'sift.packages.tcpstat', 'sift.packages.tcptrace', 'sift.packages.tcptrack', 'sift.packages.tcpxtract', 'sift.packages.testdisk', 'sift.packages.tofrodos', 'sift.packages.transmission', 'sift.packages.unity-control-center', 'sift.packages.unrar', 'sift.packages.upx-ucl', 'sift.packages.vbindiff', 'sift.packages.vim', 'sift.packages.virtuoso-minimal', 'sift.packages.vmfs-tools', 'sift.packages.winbind', 'sift.packages.wine', 'sift.packages.wireshark', 'sift.packages.xdot', 'sift.packages.xfsprogs', 'sift.packages.xmount', 'sift.packages.xpdf', 'sift.packages.zenity']), ('sift-packages', OrderedDict([('test.nop', [OrderedDict([('name', 'sift-packages')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.packages.aeskeyfind')]), OrderedDict([('sls', 'sift.packages.afflib-tools')]), OrderedDict([('sls', 'sift.packages.afterglow')]), OrderedDict([('sls', 'sift.packages.aircrack-ng')]), OrderedDict([('sls', 'sift.packages.apache2')]), OrderedDict([('sls', 'sift.packages.arp-scan')]), OrderedDict([('sls', 'sift.packages.autopsy')]), OrderedDict([('sls', 'sift.packages.bcrypt')]), OrderedDict([('sls', 'sift.packages.bitpim')]), OrderedDict([('sls', 'sift.packages.bitpim-lib')]), OrderedDict([('sls', 'sift.packages.bkhive')]), OrderedDict([('sls', 'sift.packages.bless')]), OrderedDict([('sls', 'sift.packages.blt')]), OrderedDict([('sls', 'sift.packages.build-essential')]), OrderedDict([('sls', 'sift.packages.bulk-extractor')]), OrderedDict([('sls', 'sift.packages.cabextract')]), OrderedDict([('sls', 'sift.packages.ccrypt')]), OrderedDict([('sls', 'sift.packages.cifs-utils')]), OrderedDict([('sls', 'sift.packages.clamav')]), OrderedDict([('sls', 'sift.packages.cmospwd')]), OrderedDict([('sls', 'sift.packages.cryptcat')]), OrderedDict([('sls', 'sift.packages.cryptsetup')]), OrderedDict([('sls', 'sift.packages.curl')]), OrderedDict([('sls', 'sift.packages.dc3dd')]), OrderedDict([('sls', 'sift.packages.dcfldd')]), OrderedDict([('sls', 'sift.packages.dconf-tools')]), OrderedDict([('sls', 'sift.packages.docker-engine')]), OrderedDict([('sls', 'sift.packages.driftnet')]), OrderedDict([('sls', 'sift.packages.dsniff')]), OrderedDict([('sls', 'sift.packages.dumbpig')]), OrderedDict([('sls', 'sift.packages.e2fslibs-dev')]), OrderedDict([('sls', 'sift.packages.ent')]), OrderedDict([('sls', 'sift.packages.epic5')]), OrderedDict([('sls', 'sift.packages.etherape')]), OrderedDict([('sls', 'sift.packages.ettercap-graphical')]), OrderedDict([('sls', 'sift.packages.exfat-fuse')]), OrderedDict([('sls', 'sift.packages.exfat-utils')]), OrderedDict([('sls', 'sift.packages.exif')]), OrderedDict([('sls', 'sift.packages.extundelete')]), OrderedDict([('sls', 'sift.packages.fdupes')]), OrderedDict([('sls', 'sift.packages.feh')]), OrderedDict([('sls', 'sift.packages.flasm')]), OrderedDict([('sls', 'sift.packages.flex')]), OrderedDict([('sls', 'sift.packages.foremost')]), OrderedDict([('sls', 'sift.packages.g++')]), OrderedDict([('sls', 'sift.packages.gawk')]), OrderedDict([('sls', 'sift.packages.gcc')]), OrderedDict([('sls', 'sift.packages.gdb')]), OrderedDict([('sls', 'sift.packages.gddrescue')]), OrderedDict([('sls', 'sift.packages.ghex')]), OrderedDict([('sls', 'sift.packages.git')]), OrderedDict([('sls', 'sift.packages.graphviz')]), OrderedDict([('sls', 'sift.packages.gthumb')]), OrderedDict([('sls', 'sift.packages.gzrt')]), OrderedDict([('sls', 'sift.packages.hexedit')]), OrderedDict([('sls', 'sift.packages.htop')]), OrderedDict([('sls', 'sift.packages.hydra')]), OrderedDict([('sls', 'sift.packages.hydra-gtk')]), OrderedDict([('sls', 'sift.packages.ipython')]), OrderedDict([('sls', 'sift.packages.jq')]), OrderedDict([('sls', 'sift.packages.kdiff3')]), OrderedDict([('sls', 'sift.packages.knocker')]), OrderedDict([('sls', 'sift.packages.kpartx')]), OrderedDict([('sls', 'sift.packages.lft')]), OrderedDict([('sls', 'sift.packages.libafflib-dev')]), OrderedDict([('sls', 'sift.packages.libafflib')]), OrderedDict([('sls', 'sift.packages.libbde')]), OrderedDict([('sls', 'sift.packages.libbde-tools')]), OrderedDict([('sls', 'sift.packages.libesedb')]), OrderedDict([('sls', 'sift.packages.libesedb-tools')]), OrderedDict([('sls', 'sift.packages.libevt')]), OrderedDict([('sls', 'sift.packages.libevt-tools')]), OrderedDict([('sls', 'sift.packages.libevtx')]), OrderedDict([('sls', 'sift.packages.libevtx-tools')]), OrderedDict([('sls', 'sift.packages.libewf')]), OrderedDict([('sls', 'sift.packages.libewf-dev')]), OrderedDict([('sls', 'sift.packages.libewf-python')]), OrderedDict([('sls', 'sift.packages.libewf-tools')]), OrderedDict([('sls', 'sift.packages.libffi-dev')]), OrderedDict([('sls', 'sift.packages.libfuse-dev')]), OrderedDict([('sls', 'sift.packages.libfvde')]), OrderedDict([('sls', 'sift.packages.libfvde-tools')]), OrderedDict([('sls', 'sift.packages.liblightgrep')]), OrderedDict([('sls', 'sift.packages.libmsiecf')]), OrderedDict([('sls', 'sift.packages.libncurses')]), OrderedDict([('sls', 'sift.packages.libnet1')]), OrderedDict([('sls', 'sift.packages.libolecf')]), OrderedDict([('sls', 'sift.packages.libparse-win32registry-perl')]), OrderedDict([('sls', 'sift.packages.libpff')]), OrderedDict([('sls', 'sift.packages.libpff-dev')]), OrderedDict([('sls', 'sift.packages.libpff-python')]), OrderedDict([('sls', 'sift.packages.libpff-tools')]), OrderedDict([('sls', 'sift.packages.libplist-utils')]), OrderedDict([('sls', 'sift.packages.libregf')]), OrderedDict([('sls', 'sift.packages.libregf-dev')]), OrderedDict([('sls', 'sift.packages.libregf-python')]), OrderedDict([('sls', 'sift.packages.libregf-tools')]), OrderedDict([('sls', 'sift.packages.libssl-dev')]), OrderedDict([('sls', 'sift.packages.libtext-csv-perl')]), OrderedDict([('sls', 'sift.packages.libvmdk')]), OrderedDict([('sls', 'sift.packages.libvshadow')]), OrderedDict([('sls', 'sift.packages.libvshadow-dev')]), OrderedDict([('sls', 'sift.packages.libvshadow-python')]), OrderedDict([('sls', 'sift.packages.libvshadow-tools')]), OrderedDict([('sls', 'sift.packages.libxml2-dev')]), OrderedDict([('sls', 'sift.packages.libxslt-dev')]), OrderedDict([('sls', 'sift.packages.md5deep')]), OrderedDict([('sls', 'sift.packages.nbd-client')]), OrderedDict([('sls', 'sift.packages.nbtscan')]), OrderedDict([('sls', 'sift.packages.netcat')]), OrderedDict([('sls', 'sift.packages.netpbm')]), OrderedDict([('sls', 'sift.packages.netsed')]), OrderedDict([('sls', 'sift.packages.netwox')]), OrderedDict([('sls', 'sift.packages.nfdump')]), OrderedDict([('sls', 'sift.packages.ngrep')]), OrderedDict([('sls', 'sift.packages.nikto')]), OrderedDict([('sls', 'sift.packages.okular')]), OrderedDict([('sls', 'sift.packages.open-iscsi')]), OrderedDict([('sls', 'sift.packages.openjdk')]), OrderedDict([('sls', 'sift.packages.ophcrack')]), OrderedDict([('sls', 'sift.packages.ophcrack-cli')]), OrderedDict([('sls', 'sift.packages.outguess')]), OrderedDict([('sls', 'sift.packages.p0f')]), OrderedDict([('sls', 'sift.packages.p7zip-full')]), OrderedDict([('sls', 'sift.packages.pdftk')]), OrderedDict([('sls', 'sift.packages.perl')]), OrderedDict([('sls', 'sift.packages.pev')]), OrderedDict([('sls', 'sift.packages.phonon')]), OrderedDict([('sls', 'sift.packages.pkg-config')]), OrderedDict([('sls', 'sift.packages.powershell')]), OrderedDict([('sls', 'sift.packages.pv')]), OrderedDict([('sls', 'sift.packages.pyew')]), OrderedDict([('sls', 'sift.packages.pyew')]), OrderedDict([('sls', 'sift.packages.python')]), OrderedDict([('sls', 'sift.packages.python-dev')]), OrderedDict([('sls', 'sift.packages.python-dfvfs')]), OrderedDict([('sls', 'sift.packages.python-flowgrep')]), OrderedDict([('sls', 'sift.packages.python-fuse')]), OrderedDict([('sls', 'sift.packages.python-nids')]), OrderedDict([('sls', 'sift.packages.python-ntdsxtract')]), OrderedDict([('sls', 'sift.packages.python-pefile')]), OrderedDict([('sls', 'sift.packages.python-pip')]), OrderedDict([('sls', 'sift.packages.python-plaso')]), OrderedDict([('sls', 'sift.packages.python-pytsk3')]), OrderedDict([('sls', 'sift.packages.python-qt4')]), OrderedDict([('sls', 'sift.packages.python-tk')]), OrderedDict([('sls', 'sift.packages.python-virtualenv')]), OrderedDict([('sls', 'sift.packages.python-volatility')]), OrderedDict([('sls', 'sift.packages.python-yara')]), OrderedDict([('sls', 'sift.packages.qemu')]), OrderedDict([('sls', 'sift.packages.qemu-utils')]), OrderedDict([('sls', 'sift.packages.radare2')]), OrderedDict([('sls', 'sift.packages.rar')]), OrderedDict([('sls', 'sift.packages.readpst')]), OrderedDict([('sls', 'sift.packages.rsakeyfind')]), OrderedDict([('sls', 'sift.packages.safecopy')]), OrderedDict([('sls', 'sift.packages.samba')]), OrderedDict([('sls', 'sift.packages.samdump2')]), OrderedDict([('sls', 'sift.packages.scalpel')]), OrderedDict([('sls', 'sift.packages.sleuthkit')]), OrderedDict([('sls', 'sift.packages.socat')]), OrderedDict([('sls', 'sift.packages.ssdeep')]), OrderedDict([('sls', 'sift.packages.ssldump')]), OrderedDict([('sls', 'sift.packages.sslsniff')]), OrderedDict([('sls', 'sift.packages.stunnel4')]), OrderedDict([('sls', 'sift.packages.system-config-samba')]), OrderedDict([('sls', 'sift.packages.tcl')]), OrderedDict([('sls', 'sift.packages.tcpflow')]), OrderedDict([('sls', 'sift.packages.tcpick')]), OrderedDict([('sls', 'sift.packages.tcpreplay')]), OrderedDict([('sls', 'sift.packages.tcpslice')]), OrderedDict([('sls', 'sift.packages.tcpstat')]), OrderedDict([('sls', 'sift.packages.tcptrace')]), OrderedDict([('sls', 'sift.packages.tcptrack')]), OrderedDict([('sls', 'sift.packages.tcpxtract')]), OrderedDict([('sls', 'sift.packages.testdisk')]), OrderedDict([('sls', 'sift.packages.tofrodos')]), OrderedDict([('sls', 'sift.packages.transmission')]), OrderedDict([('sls', 'sift.packages.unity-control-center')]), OrderedDict([('sls', 'sift.packages.unrar')]), OrderedDict([('sls', 'sift.packages.upx-ucl')]), OrderedDict([('sls', 'sift.packages.vbindiff')]), OrderedDict([('sls', 'sift.packages.vim')]), OrderedDict([('sls', 'sift.packages.virtuoso-minimal')]), OrderedDict([('sls', 'sift.packages.vmfs-tools')]), OrderedDict([('sls', 'sift.packages.winbind')]), OrderedDict([('sls', 'sift.packages.wine')]), OrderedDict([('sls', 'sift.packages.wireshark')]), OrderedDict([('sls', 'sift.packages.xdot')]), OrderedDict([('sls', 'sift.packages.xfsprogs')]), OrderedDict([('sls', 'sift.packages.xmount')]), OrderedDict([('sls', 'sift.packages.xpdf')]), OrderedDict([('sls', 'sift.packages.zenity')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/init.sls' using 'yaml' renderer: 0.0623309612274 # [DEBUG ] Could not find file 'salt://sift/packages/absent.sls' in saltenv 'base' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/absent/init.sls' to resolve 'salt://sift/packages/absent/init.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/absent/init.sls' to resolve 'salt://sift/packages/absent/init.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/absent/init.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/absent/init.sls' using 'jinja' renderer: 0.000841856002808 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/absent/init.sls: include: - .binplist - .unity-webapps-common # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['.binplist', '.unity-webapps-common'])]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/absent/init.sls' using 'yaml' renderer: 0.000792980194092 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/absent/binplist.sls' to resolve 'salt://sift/packages/absent/binplist.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/absent/binplist.sls' to resolve 'salt://sift/packages/absent/binplist.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/absent/binplist.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/absent/binplist.sls' using 'jinja' renderer: 0.000661134719849 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/absent/binplist.sls: binplist: pkg.removed # [DEBUG ] Results of YAML rendering: OrderedDict([('binplist', 'pkg.removed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/absent/binplist.sls' using 'yaml' renderer: 0.000494956970215 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/absent/unity-webapps-common.sls' to resolve 'salt://sift/packages/absent/unity-webapps-common.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/absent/unity-webapps-common.sls' to resolve 'salt://sift/packages/absent/unity-webapps-common.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/absent/unity-webapps-common.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/absent/unity-webapps-common.sls' using 'jinja' renderer: 0.000653982162476 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/absent/unity-webapps-common.sls: unity-webapps-common: pkg.removed # [DEBUG ] Results of YAML rendering: OrderedDict([('unity-webapps-common', 'pkg.removed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/absent/unity-webapps-common.sls' using 'yaml' renderer: 0.000571012496948 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/aeskeyfind.sls' to resolve 'salt://sift/packages/aeskeyfind.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/aeskeyfind.sls' to resolve 'salt://sift/packages/aeskeyfind.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/aeskeyfind.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/aeskeyfind.sls' using 'jinja' renderer: 0.000801086425781 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/aeskeyfind.sls: aeskeyfind: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('aeskeyfind', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/aeskeyfind.sls' using 'yaml' renderer: 0.000577211380005 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/afflib-tools.sls' to resolve 'salt://sift/packages/afflib-tools.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/afflib-tools.sls' to resolve 'salt://sift/packages/afflib-tools.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/afflib-tools.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/afflib-tools.sls' using 'jinja' renderer: 0.000730991363525 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/afflib-tools.sls: afflib-tools: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('afflib-tools', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/afflib-tools.sls' using 'yaml' renderer: 0.000538110733032 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/afterglow.sls' to resolve 'salt://sift/packages/afterglow.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/afterglow.sls' to resolve 'salt://sift/packages/afterglow.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/afterglow.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/afterglow.sls' using 'jinja' renderer: 0.000922918319702 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/afterglow.sls: include: - sift.repos.sift afterglow: pkg.installed: - required: - pkgrepo: sift-repo # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.repos.sift']), ('afterglow', OrderedDict([('pkg.installed', [OrderedDict([('required', [OrderedDict([('pkgrepo', 'sift-repo')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/afterglow.sls' using 'yaml' renderer: 0.00140023231506 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/aircrack-ng.sls' to resolve 'salt://sift/packages/aircrack-ng.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/aircrack-ng.sls' to resolve 'salt://sift/packages/aircrack-ng.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/aircrack-ng.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/aircrack-ng.sls' using 'jinja' renderer: 0.000765085220337 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/aircrack-ng.sls: aircrack-ng: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('aircrack-ng', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/aircrack-ng.sls' using 'yaml' renderer: 0.000526189804077 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/apache2.sls' to resolve 'salt://sift/packages/apache2.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/apache2.sls' to resolve 'salt://sift/packages/apache2.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/apache2.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/apache2.sls' using 'jinja' renderer: 0.000711917877197 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/apache2.sls: apache2: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('apache2', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/apache2.sls' using 'yaml' renderer: 0.000511884689331 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/arp-scan.sls' to resolve 'salt://sift/packages/arp-scan.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/arp-scan.sls' to resolve 'salt://sift/packages/arp-scan.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/arp-scan.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/arp-scan.sls' using 'jinja' renderer: 0.000679016113281 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/arp-scan.sls: arp-scan: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('arp-scan', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/arp-scan.sls' using 'yaml' renderer: 0.000502109527588 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/autopsy.sls' to resolve 'salt://sift/packages/autopsy.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/autopsy.sls' to resolve 'salt://sift/packages/autopsy.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/autopsy.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/autopsy.sls' using 'jinja' renderer: 0.000651121139526 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/autopsy.sls: autopsy: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('autopsy', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/autopsy.sls' using 'yaml' renderer: 0.000482082366943 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/bcrypt.sls' to resolve 'salt://sift/packages/bcrypt.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/bcrypt.sls' to resolve 'salt://sift/packages/bcrypt.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/bcrypt.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bcrypt.sls' using 'jinja' renderer: 0.000766038894653 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/bcrypt.sls: bcrypt: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('bcrypt', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bcrypt.sls' using 'yaml' renderer: 0.000561952590942 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/bitpim.sls' to resolve 'salt://sift/packages/bitpim.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/bitpim.sls' to resolve 'salt://sift/packages/bitpim.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/bitpim.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bitpim.sls' using 'jinja' renderer: 0.000667095184326 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/bitpim.sls: bitpim: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('bitpim', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bitpim.sls' using 'yaml' renderer: 0.00049090385437 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/bitpim-lib.sls' to resolve 'salt://sift/packages/bitpim-lib.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/bitpim-lib.sls' to resolve 'salt://sift/packages/bitpim-lib.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/bitpim-lib.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bitpim-lib.sls' using 'jinja' renderer: 0.000642061233521 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/bitpim-lib.sls: bitpim-lib: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('bitpim-lib', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bitpim-lib.sls' using 'yaml' renderer: 0.000493049621582 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/bkhive.sls' to resolve 'salt://sift/packages/bkhive.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/bkhive.sls' to resolve 'salt://sift/packages/bkhive.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/bkhive.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bkhive.sls' using 'jinja' renderer: 0.00104522705078 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/bkhive.sls: bkhive: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('bkhive', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bkhive.sls' using 'yaml' renderer: 0.000489950180054 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/bless.sls' to resolve 'salt://sift/packages/bless.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/bless.sls' to resolve 'salt://sift/packages/bless.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/bless.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bless.sls' using 'jinja' renderer: 0.000648021697998 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/bless.sls: bless: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('bless', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bless.sls' using 'yaml' renderer: 0.000489950180054 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/blt.sls' to resolve 'salt://sift/packages/blt.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/blt.sls' to resolve 'salt://sift/packages/blt.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/blt.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/blt.sls' using 'jinja' renderer: 0.000695943832397 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/blt.sls: blt: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('blt', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/blt.sls' using 'yaml' renderer: 0.000639915466309 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/build-essential.sls' to resolve 'salt://sift/packages/build-essential.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/build-essential.sls' to resolve 'salt://sift/packages/build-essential.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/build-essential.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/build-essential.sls' using 'jinja' renderer: 0.000730991363525 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/build-essential.sls: build-essential: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('build-essential', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/build-essential.sls' using 'yaml' renderer: 0.000508785247803 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/bulk-extractor.sls' to resolve 'salt://sift/packages/bulk-extractor.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/bulk-extractor.sls' to resolve 'salt://sift/packages/bulk-extractor.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/bulk-extractor.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bulk-extractor.sls' using 'jinja' renderer: 0.000704050064087 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/bulk-extractor.sls: include: - ..repos.sift - ..repos.openjdk bulk-extractor: pkg.installed: - require: - pkgrepo: sift-repo - pkgrepo: openjdk-repo # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..repos.sift', '..repos.openjdk']), ('bulk-extractor', OrderedDict([('pkg.installed', [OrderedDict([('require', [OrderedDict([('pkgrepo', 'sift-repo')]), OrderedDict([('pkgrepo', 'openjdk-repo')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bulk-extractor.sls' using 'yaml' renderer: 0.00155401229858 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/cabextract.sls' to resolve 'salt://sift/packages/cabextract.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/cabextract.sls' to resolve 'salt://sift/packages/cabextract.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/cabextract.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/cabextract.sls' using 'jinja' renderer: 0.000645160675049 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/cabextract.sls: cabextract: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('cabextract', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/cabextract.sls' using 'yaml' renderer: 0.000489950180054 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/ccrypt.sls' to resolve 'salt://sift/packages/ccrypt.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/ccrypt.sls' to resolve 'salt://sift/packages/ccrypt.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/ccrypt.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ccrypt.sls' using 'jinja' renderer: 0.000642061233521 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/ccrypt.sls: ccrypt: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('ccrypt', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ccrypt.sls' using 'yaml' renderer: 0.000488996505737 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/cifs-utils.sls' to resolve 'salt://sift/packages/cifs-utils.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/cifs-utils.sls' to resolve 'salt://sift/packages/cifs-utils.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/cifs-utils.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/cifs-utils.sls' using 'jinja' renderer: 0.000657081604004 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/cifs-utils.sls: cifs-utils: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('cifs-utils', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/cifs-utils.sls' using 'yaml' renderer: 0.000542879104614 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/clamav.sls' to resolve 'salt://sift/packages/clamav.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/clamav.sls' to resolve 'salt://sift/packages/clamav.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/clamav.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/clamav.sls' using 'jinja' renderer: 0.000794887542725 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/clamav.sls: clamav: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('clamav', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/clamav.sls' using 'yaml' renderer: 0.000549077987671 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/cmospwd.sls' to resolve 'salt://sift/packages/cmospwd.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/cmospwd.sls' to resolve 'salt://sift/packages/cmospwd.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/cmospwd.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/cmospwd.sls' using 'jinja' renderer: 0.000675916671753 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/cmospwd.sls: cmospwd: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('cmospwd', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/cmospwd.sls' using 'yaml' renderer: 0.000504016876221 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/cryptcat.sls' to resolve 'salt://sift/packages/cryptcat.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/cryptcat.sls' to resolve 'salt://sift/packages/cryptcat.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/cryptcat.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/cryptcat.sls' using 'jinja' renderer: 0.000768899917603 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/cryptcat.sls: cryptcat: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('cryptcat', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/cryptcat.sls' using 'yaml' renderer: 0.000566959381104 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/cryptsetup.sls' to resolve 'salt://sift/packages/cryptsetup.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/cryptsetup.sls' to resolve 'salt://sift/packages/cryptsetup.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/cryptsetup.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/cryptsetup.sls' using 'jinja' renderer: 0.000679016113281 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/cryptsetup.sls: cryptsetup: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('cryptsetup', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/cryptsetup.sls' using 'yaml' renderer: 0.000492095947266 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/curl.sls' to resolve 'salt://sift/packages/curl.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/curl.sls' to resolve 'salt://sift/packages/curl.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/curl.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/curl.sls' using 'jinja' renderer: 0.00108599662781 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/curl.sls: curl: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('curl', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/curl.sls' using 'yaml' renderer: 0.000581026077271 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/dc3dd.sls' to resolve 'salt://sift/packages/dc3dd.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/dc3dd.sls' to resolve 'salt://sift/packages/dc3dd.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/dc3dd.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/dc3dd.sls' using 'jinja' renderer: 0.000737905502319 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/dc3dd.sls: dc3dd: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('dc3dd', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/dc3dd.sls' using 'yaml' renderer: 0.00051212310791 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/dcfldd.sls' to resolve 'salt://sift/packages/dcfldd.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/dcfldd.sls' to resolve 'salt://sift/packages/dcfldd.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/dcfldd.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/dcfldd.sls' using 'jinja' renderer: 0.000643968582153 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/dcfldd.sls: dcfldd: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('dcfldd', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/dcfldd.sls' using 'yaml' renderer: 0.000486850738525 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/dconf-tools.sls' to resolve 'salt://sift/packages/dconf-tools.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/dconf-tools.sls' to resolve 'salt://sift/packages/dconf-tools.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/dconf-tools.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/dconf-tools.sls' using 'jinja' renderer: 0.000657081604004 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/dconf-tools.sls: dconf-tools: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('dconf-tools', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/dconf-tools.sls' using 'yaml' renderer: 0.00083589553833 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/docker-engine.sls' to resolve 'salt://sift/packages/docker-engine.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/docker-engine.sls' to resolve 'salt://sift/packages/docker-engine.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/docker-engine.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/docker-engine.sls' using 'jinja' renderer: 0.000669956207275 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/docker-engine.sls: include: - ..repos.docker docker-engine: pkg.installed: - require: - pkgrepo: sift-docker-repo # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..repos.docker']), ('docker-engine', OrderedDict([('pkg.installed', [OrderedDict([('require', [OrderedDict([('pkgrepo', 'sift-docker-repo')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/docker-engine.sls' using 'yaml' renderer: 0.00126218795776 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/driftnet.sls' to resolve 'salt://sift/packages/driftnet.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/driftnet.sls' to resolve 'salt://sift/packages/driftnet.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/driftnet.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/driftnet.sls' using 'jinja' renderer: 0.000699996948242 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/driftnet.sls: driftnet: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('driftnet', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/driftnet.sls' using 'yaml' renderer: 0.000583171844482 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/dsniff.sls' to resolve 'salt://sift/packages/dsniff.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/dsniff.sls' to resolve 'salt://sift/packages/dsniff.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/dsniff.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/dsniff.sls' using 'jinja' renderer: 0.000744819641113 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/dsniff.sls: dsniff: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('dsniff', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/dsniff.sls' using 'yaml' renderer: 0.000503063201904 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/dumbpig.sls' to resolve 'salt://sift/packages/dumbpig.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/dumbpig.sls' to resolve 'salt://sift/packages/dumbpig.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/dumbpig.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/dumbpig.sls' using 'jinja' renderer: 0.000643014907837 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/dumbpig.sls: dumbpig: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('dumbpig', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/dumbpig.sls' using 'yaml' renderer: 0.000516176223755 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/e2fslibs-dev.sls' to resolve 'salt://sift/packages/e2fslibs-dev.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/e2fslibs-dev.sls' to resolve 'salt://sift/packages/e2fslibs-dev.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/e2fslibs-dev.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/e2fslibs-dev.sls' using 'jinja' renderer: 0.000648975372314 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/e2fslibs-dev.sls: e2fslibs-dev: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('e2fslibs-dev', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/e2fslibs-dev.sls' using 'yaml' renderer: 0.000483989715576 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/ent.sls' to resolve 'salt://sift/packages/ent.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/ent.sls' to resolve 'salt://sift/packages/ent.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/ent.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ent.sls' using 'jinja' renderer: 0.000663042068481 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/ent.sls: ent: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('ent', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ent.sls' using 'yaml' renderer: 0.000470876693726 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/epic5.sls' to resolve 'salt://sift/packages/epic5.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/epic5.sls' to resolve 'salt://sift/packages/epic5.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/epic5.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/epic5.sls' using 'jinja' renderer: 0.00065803527832 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/epic5.sls: epic5: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('epic5', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/epic5.sls' using 'yaml' renderer: 0.000504016876221 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/etherape.sls' to resolve 'salt://sift/packages/etherape.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/etherape.sls' to resolve 'salt://sift/packages/etherape.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/etherape.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/etherape.sls' using 'jinja' renderer: 0.000734090805054 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/etherape.sls: etherape: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('etherape', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/etherape.sls' using 'yaml' renderer: 0.00054407119751 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/ettercap-graphical.sls' to resolve 'salt://sift/packages/ettercap-graphical.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/ettercap-graphical.sls' to resolve 'salt://sift/packages/ettercap-graphical.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/ettercap-graphical.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ettercap-graphical.sls' using 'jinja' renderer: 0.000694036483765 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/ettercap-graphical.sls: ettercap-graphical: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('ettercap-graphical', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ettercap-graphical.sls' using 'yaml' renderer: 0.000811815261841 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/exfat-fuse.sls' to resolve 'salt://sift/packages/exfat-fuse.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/exfat-fuse.sls' to resolve 'salt://sift/packages/exfat-fuse.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/exfat-fuse.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/exfat-fuse.sls' using 'jinja' renderer: 0.00073504447937 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/exfat-fuse.sls: exfat-fuse: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('exfat-fuse', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/exfat-fuse.sls' using 'yaml' renderer: 0.000516176223755 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/exfat-utils.sls' to resolve 'salt://sift/packages/exfat-utils.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/exfat-utils.sls' to resolve 'salt://sift/packages/exfat-utils.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/exfat-utils.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/exfat-utils.sls' using 'jinja' renderer: 0.000677108764648 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/exfat-utils.sls: exfat-utils: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('exfat-utils', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/exfat-utils.sls' using 'yaml' renderer: 0.000497102737427 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/exif.sls' to resolve 'salt://sift/packages/exif.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/exif.sls' to resolve 'salt://sift/packages/exif.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/exif.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/exif.sls' using 'jinja' renderer: 0.000636100769043 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/exif.sls: exif: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('exif', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/exif.sls' using 'yaml' renderer: 0.000488996505737 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/extundelete.sls' to resolve 'salt://sift/packages/extundelete.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/extundelete.sls' to resolve 'salt://sift/packages/extundelete.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/extundelete.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/extundelete.sls' using 'jinja' renderer: 0.000642061233521 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/extundelete.sls: extundelete: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('extundelete', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/extundelete.sls' using 'yaml' renderer: 0.000503063201904 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/fdupes.sls' to resolve 'salt://sift/packages/fdupes.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/fdupes.sls' to resolve 'salt://sift/packages/fdupes.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/fdupes.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/fdupes.sls' using 'jinja' renderer: 0.000746011734009 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/fdupes.sls: fdupes: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('fdupes', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/fdupes.sls' using 'yaml' renderer: 0.000530004501343 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/feh.sls' to resolve 'salt://sift/packages/feh.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/feh.sls' to resolve 'salt://sift/packages/feh.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/feh.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/feh.sls' using 'jinja' renderer: 0.000648975372314 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/feh.sls: feh: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('feh', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/feh.sls' using 'yaml' renderer: 0.000503063201904 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/flasm.sls' to resolve 'salt://sift/packages/flasm.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/flasm.sls' to resolve 'salt://sift/packages/flasm.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/flasm.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/flasm.sls' using 'jinja' renderer: 0.00066089630127 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/flasm.sls: flasm: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('flasm', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/flasm.sls' using 'yaml' renderer: 0.000493049621582 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/flex.sls' to resolve 'salt://sift/packages/flex.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/flex.sls' to resolve 'salt://sift/packages/flex.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/flex.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/flex.sls' using 'jinja' renderer: 0.00102710723877 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/flex.sls: flex: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('flex', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/flex.sls' using 'yaml' renderer: 0.000510931015015 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/foremost.sls' to resolve 'salt://sift/packages/foremost.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/foremost.sls' to resolve 'salt://sift/packages/foremost.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/foremost.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/foremost.sls' using 'jinja' renderer: 0.000767946243286 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/foremost.sls: foremost: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('foremost', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/foremost.sls' using 'yaml' renderer: 0.000568151473999 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/g++.sls' to resolve 'salt://sift/packages/g++.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/g++.sls' to resolve 'salt://sift/packages/g++.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/g++.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/g++.sls' using 'jinja' renderer: 0.00105404853821 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/g++.sls: g++: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('g++', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/g++.sls' using 'yaml' renderer: 0.000698804855347 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/gawk.sls' to resolve 'salt://sift/packages/gawk.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/gawk.sls' to resolve 'salt://sift/packages/gawk.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/gawk.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gawk.sls' using 'jinja' renderer: 0.000804901123047 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/gawk.sls: gawk: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('gawk', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gawk.sls' using 'yaml' renderer: 0.000545978546143 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/gcc.sls' to resolve 'salt://sift/packages/gcc.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/gcc.sls' to resolve 'salt://sift/packages/gcc.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/gcc.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gcc.sls' using 'jinja' renderer: 0.000784873962402 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/gcc.sls: gcc: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('gcc', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gcc.sls' using 'yaml' renderer: 0.000526905059814 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/gdb.sls' to resolve 'salt://sift/packages/gdb.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/gdb.sls' to resolve 'salt://sift/packages/gdb.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/gdb.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gdb.sls' using 'jinja' renderer: 0.000701904296875 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/gdb.sls: gdb: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('gdb', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gdb.sls' using 'yaml' renderer: 0.000505924224854 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/gddrescue.sls' to resolve 'salt://sift/packages/gddrescue.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/gddrescue.sls' to resolve 'salt://sift/packages/gddrescue.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/gddrescue.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gddrescue.sls' using 'jinja' renderer: 0.000689029693604 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/gddrescue.sls: gddrescue: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('gddrescue', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gddrescue.sls' using 'yaml' renderer: 0.000504016876221 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/ghex.sls' to resolve 'salt://sift/packages/ghex.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/ghex.sls' to resolve 'salt://sift/packages/ghex.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/ghex.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ghex.sls' using 'jinja' renderer: 0.000789880752563 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/ghex.sls: ghex: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('ghex', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ghex.sls' using 'yaml' renderer: 0.000805139541626 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/git.sls' to resolve 'salt://sift/packages/git.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/git.sls' to resolve 'salt://sift/packages/git.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/git.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/git.sls' using 'jinja' renderer: 0.000772953033447 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/git.sls: git: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('git', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/git.sls' using 'yaml' renderer: 0.000535011291504 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/graphviz.sls' to resolve 'salt://sift/packages/graphviz.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/graphviz.sls' to resolve 'salt://sift/packages/graphviz.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/graphviz.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/graphviz.sls' using 'jinja' renderer: 0.000747919082642 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/graphviz.sls: graphviz: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('graphviz', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/graphviz.sls' using 'yaml' renderer: 0.00056004524231 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/gthumb.sls' to resolve 'salt://sift/packages/gthumb.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/gthumb.sls' to resolve 'salt://sift/packages/gthumb.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/gthumb.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gthumb.sls' using 'jinja' renderer: 0.000722885131836 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/gthumb.sls: gthumb: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('gthumb', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gthumb.sls' using 'yaml' renderer: 0.000534057617188 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/gzrt.sls' to resolve 'salt://sift/packages/gzrt.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/gzrt.sls' to resolve 'salt://sift/packages/gzrt.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/gzrt.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gzrt.sls' using 'jinja' renderer: 0.00068211555481 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/gzrt.sls: gzrt: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('gzrt', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gzrt.sls' using 'yaml' renderer: 0.000637054443359 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/hexedit.sls' to resolve 'salt://sift/packages/hexedit.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/hexedit.sls' to resolve 'salt://sift/packages/hexedit.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/hexedit.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/hexedit.sls' using 'jinja' renderer: 0.000720024108887 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/hexedit.sls: hexedit: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('hexedit', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/hexedit.sls' using 'yaml' renderer: 0.000610828399658 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/htop.sls' to resolve 'salt://sift/packages/htop.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/htop.sls' to resolve 'salt://sift/packages/htop.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/htop.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/htop.sls' using 'jinja' renderer: 0.000715017318726 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/htop.sls: htop: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('htop', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/htop.sls' using 'yaml' renderer: 0.000526905059814 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/hydra.sls' to resolve 'salt://sift/packages/hydra.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/hydra.sls' to resolve 'salt://sift/packages/hydra.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/hydra.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/hydra.sls' using 'jinja' renderer: 0.000704050064087 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/hydra.sls: hydra: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('hydra', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/hydra.sls' using 'yaml' renderer: 0.000514984130859 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/hydra-gtk.sls' to resolve 'salt://sift/packages/hydra-gtk.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/hydra-gtk.sls' to resolve 'salt://sift/packages/hydra-gtk.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/hydra-gtk.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/hydra-gtk.sls' using 'jinja' renderer: 0.000688791275024 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/hydra-gtk.sls: hydra-gtk: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('hydra-gtk', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/hydra-gtk.sls' using 'yaml' renderer: 0.000509023666382 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/ipython.sls' to resolve 'salt://sift/packages/ipython.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/ipython.sls' to resolve 'salt://sift/packages/ipython.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/ipython.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ipython.sls' using 'jinja' renderer: 0.000681161880493 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/ipython.sls: ipython: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('ipython', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ipython.sls' using 'yaml' renderer: 0.000502824783325 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/jq.sls' to resolve 'salt://sift/packages/jq.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/jq.sls' to resolve 'salt://sift/packages/jq.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/jq.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/jq.sls' using 'jinja' renderer: 0.000736951828003 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/jq.sls: jq: pkg.installed: - name: jq # [DEBUG ] Results of YAML rendering: OrderedDict([('jq', OrderedDict([('pkg.installed', [OrderedDict([('name', 'jq')])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/jq.sls' using 'yaml' renderer: 0.00179815292358 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/kdiff3.sls' to resolve 'salt://sift/packages/kdiff3.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/kdiff3.sls' to resolve 'salt://sift/packages/kdiff3.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/kdiff3.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/kdiff3.sls' using 'jinja' renderer: 0.000795125961304 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/kdiff3.sls: kdiff3: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('kdiff3', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/kdiff3.sls' using 'yaml' renderer: 0.00052809715271 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/knocker.sls' to resolve 'salt://sift/packages/knocker.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/knocker.sls' to resolve 'salt://sift/packages/knocker.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/knocker.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/knocker.sls' using 'jinja' renderer: 0.000887870788574 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/knocker.sls: knocker: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('knocker', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/knocker.sls' using 'yaml' renderer: 0.000546932220459 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/kpartx.sls' to resolve 'salt://sift/packages/kpartx.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/kpartx.sls' to resolve 'salt://sift/packages/kpartx.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/kpartx.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/kpartx.sls' using 'jinja' renderer: 0.00076699256897 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/kpartx.sls: kpartx: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('kpartx', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/kpartx.sls' using 'yaml' renderer: 0.000612020492554 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/lft.sls' to resolve 'salt://sift/packages/lft.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/lft.sls' to resolve 'salt://sift/packages/lft.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/lft.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/lft.sls' using 'jinja' renderer: 0.000857830047607 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/lft.sls: lft: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('lft', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/lft.sls' using 'yaml' renderer: 0.000638961791992 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libafflib-dev.sls' to resolve 'salt://sift/packages/libafflib-dev.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libafflib-dev.sls' to resolve 'salt://sift/packages/libafflib-dev.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libafflib-dev.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libafflib-dev.sls' using 'jinja' renderer: 0.000799179077148 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libafflib-dev.sls: libafflib-dev: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libafflib-dev', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libafflib-dev.sls' using 'yaml' renderer: 0.000590801239014 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libafflib.sls' to resolve 'salt://sift/packages/libafflib.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libafflib.sls' to resolve 'salt://sift/packages/libafflib.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libafflib.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libafflib.sls' using 'jinja' renderer: 0.00222897529602 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libafflib.sls: libafflib: pkg.installed: - name: libafflib0v5 # [DEBUG ] Results of YAML rendering: OrderedDict([('libafflib', OrderedDict([('pkg.installed', [OrderedDict([('name', 'libafflib0v5')])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libafflib.sls' using 'yaml' renderer: 0.000910043716431 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libbde.sls' to resolve 'salt://sift/packages/libbde.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libbde.sls' to resolve 'salt://sift/packages/libbde.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libbde.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libbde.sls' using 'jinja' renderer: 0.000715970993042 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libbde.sls: libbde: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libbde', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libbde.sls' using 'yaml' renderer: 0.000550031661987 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libbde-tools.sls' to resolve 'salt://sift/packages/libbde-tools.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libbde-tools.sls' to resolve 'salt://sift/packages/libbde-tools.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libbde-tools.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libbde-tools.sls' using 'jinja' renderer: 0.00076699256897 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libbde-tools.sls: libbde-tools: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libbde-tools', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libbde-tools.sls' using 'yaml' renderer: 0.000583171844482 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libesedb.sls' to resolve 'salt://sift/packages/libesedb.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libesedb.sls' to resolve 'salt://sift/packages/libesedb.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libesedb.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libesedb.sls' using 'jinja' renderer: 0.000734806060791 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libesedb.sls: libesedb: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libesedb', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libesedb.sls' using 'yaml' renderer: 0.00053596496582 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libesedb-tools.sls' to resolve 'salt://sift/packages/libesedb-tools.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libesedb-tools.sls' to resolve 'salt://sift/packages/libesedb-tools.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libesedb-tools.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libesedb-tools.sls' using 'jinja' renderer: 0.000869989395142 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libesedb-tools.sls: libesedb-tools: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libesedb-tools', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libesedb-tools.sls' using 'yaml' renderer: 0.000617980957031 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libevt.sls' to resolve 'salt://sift/packages/libevt.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libevt.sls' to resolve 'salt://sift/packages/libevt.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libevt.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libevt.sls' using 'jinja' renderer: 0.000656843185425 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libevt.sls: libevt: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libevt', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libevt.sls' using 'yaml' renderer: 0.000494956970215 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libevt-tools.sls' to resolve 'salt://sift/packages/libevt-tools.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libevt-tools.sls' to resolve 'salt://sift/packages/libevt-tools.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libevt-tools.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libevt-tools.sls' using 'jinja' renderer: 0.000648021697998 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libevt-tools.sls: libevt-tools: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libevt-tools', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libevt-tools.sls' using 'yaml' renderer: 0.000488996505737 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libevtx.sls' to resolve 'salt://sift/packages/libevtx.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libevtx.sls' to resolve 'salt://sift/packages/libevtx.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libevtx.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libevtx.sls' using 'jinja' renderer: 0.000730991363525 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libevtx.sls: libevtx: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libevtx', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libevtx.sls' using 'yaml' renderer: 0.000538110733032 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libevtx-tools.sls' to resolve 'salt://sift/packages/libevtx-tools.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libevtx-tools.sls' to resolve 'salt://sift/packages/libevtx-tools.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libevtx-tools.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libevtx-tools.sls' using 'jinja' renderer: 0.000690937042236 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libevtx-tools.sls: libevtx-tools: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libevtx-tools', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libevtx-tools.sls' using 'yaml' renderer: 0.000501871109009 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libewf.sls' to resolve 'salt://sift/packages/libewf.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libewf.sls' to resolve 'salt://sift/packages/libewf.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libewf.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libewf.sls' using 'jinja' renderer: 0.000678062438965 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libewf.sls: libewf: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libewf', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libewf.sls' using 'yaml' renderer: 0.000540971755981 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libewf-dev.sls' to resolve 'salt://sift/packages/libewf-dev.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libewf-dev.sls' to resolve 'salt://sift/packages/libewf-dev.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libewf-dev.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libewf-dev.sls' using 'jinja' renderer: 0.00068998336792 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libewf-dev.sls: libewf-dev: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libewf-dev', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libewf-dev.sls' using 'yaml' renderer: 0.000501871109009 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libewf-python.sls' to resolve 'salt://sift/packages/libewf-python.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libewf-python.sls' to resolve 'salt://sift/packages/libewf-python.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libewf-python.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libewf-python.sls' using 'jinja' renderer: 0.00104999542236 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libewf-python.sls: libewf-python: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libewf-python', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libewf-python.sls' using 'yaml' renderer: 0.000503778457642 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libewf-tools.sls' to resolve 'salt://sift/packages/libewf-tools.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libewf-tools.sls' to resolve 'salt://sift/packages/libewf-tools.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libewf-tools.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libewf-tools.sls' using 'jinja' renderer: 0.000677108764648 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libewf-tools.sls: libewf-tools: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libewf-tools', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libewf-tools.sls' using 'yaml' renderer: 0.000498056411743 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libffi-dev.sls' to resolve 'salt://sift/packages/libffi-dev.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libffi-dev.sls' to resolve 'salt://sift/packages/libffi-dev.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libffi-dev.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libffi-dev.sls' using 'jinja' renderer: 0.000642061233521 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libffi-dev.sls: libffi-dev: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libffi-dev', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libffi-dev.sls' using 'yaml' renderer: 0.000483989715576 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libfuse-dev.sls' to resolve 'salt://sift/packages/libfuse-dev.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libfuse-dev.sls' to resolve 'salt://sift/packages/libfuse-dev.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libfuse-dev.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libfuse-dev.sls' using 'jinja' renderer: 0.000659942626953 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libfuse-dev.sls: libfuse-dev: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libfuse-dev', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libfuse-dev.sls' using 'yaml' renderer: 0.00049901008606 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libfvde.sls' to resolve 'salt://sift/packages/libfvde.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libfvde.sls' to resolve 'salt://sift/packages/libfvde.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libfvde.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libfvde.sls' using 'jinja' renderer: 0.00079607963562 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libfvde.sls: include: - sift.repos.gift libfvde: pkg.installed: - require: - pkgrepo: sift-gift-repo # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.repos.gift']), ('libfvde', OrderedDict([('pkg.installed', [OrderedDict([('require', [OrderedDict([('pkgrepo', 'sift-gift-repo')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libfvde.sls' using 'yaml' renderer: 0.00132489204407 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libfvde-tools.sls' to resolve 'salt://sift/packages/libfvde-tools.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libfvde-tools.sls' to resolve 'salt://sift/packages/libfvde-tools.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libfvde-tools.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libfvde-tools.sls' using 'jinja' renderer: 0.000700950622559 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libfvde-tools.sls: libfvde-tools: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libfvde-tools', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libfvde-tools.sls' using 'yaml' renderer: 0.000515937805176 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/liblightgrep.sls' to resolve 'salt://sift/packages/liblightgrep.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/liblightgrep.sls' to resolve 'salt://sift/packages/liblightgrep.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/liblightgrep.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/liblightgrep.sls' using 'jinja' renderer: 0.000669956207275 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/liblightgrep.sls: liblightgrep: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('liblightgrep', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/liblightgrep.sls' using 'yaml' renderer: 0.000493049621582 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libmsiecf.sls' to resolve 'salt://sift/packages/libmsiecf.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libmsiecf.sls' to resolve 'salt://sift/packages/libmsiecf.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libmsiecf.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libmsiecf.sls' using 'jinja' renderer: 0.000733852386475 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libmsiecf.sls: libmsiecf: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libmsiecf', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libmsiecf.sls' using 'yaml' renderer: 0.000511884689331 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libncurses.sls' to resolve 'salt://sift/packages/libncurses.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libncurses.sls' to resolve 'salt://sift/packages/libncurses.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libncurses.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libncurses.sls' using 'jinja' renderer: 0.000661849975586 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libncurses.sls: libncurses: pkg.installed: - name: libncurses5-dev # [DEBUG ] Results of YAML rendering: OrderedDict([('libncurses', OrderedDict([('pkg.installed', [OrderedDict([('name', 'libncurses5-dev')])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libncurses.sls' using 'yaml' renderer: 0.00086498260498 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libnet1.sls' to resolve 'salt://sift/packages/libnet1.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libnet1.sls' to resolve 'salt://sift/packages/libnet1.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libnet1.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libnet1.sls' using 'jinja' renderer: 0.000741004943848 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libnet1.sls: libnet1: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libnet1', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libnet1.sls' using 'yaml' renderer: 0.000558853149414 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libolecf.sls' to resolve 'salt://sift/packages/libolecf.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libolecf.sls' to resolve 'salt://sift/packages/libolecf.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libolecf.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libolecf.sls' using 'jinja' renderer: 0.000853061676025 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libolecf.sls: libolecf: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libolecf', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libolecf.sls' using 'yaml' renderer: 0.000596046447754 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libparse-win32registry-perl.sls' to resolve 'salt://sift/packages/libparse-win32registry-perl.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libparse-win32registry-perl.sls' to resolve 'salt://sift/packages/libparse-win32registry-perl.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libparse-win32registry-perl.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libparse-win32registry-perl.sls' using 'jinja' renderer: 0.000750064849854 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libparse-win32registry-perl.sls: libparse-win32registry-perl: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libparse-win32registry-perl', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libparse-win32registry-perl.sls' using 'yaml' renderer: 0.000536918640137 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libpff.sls' to resolve 'salt://sift/packages/libpff.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libpff.sls' to resolve 'salt://sift/packages/libpff.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libpff.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libpff.sls' using 'jinja' renderer: 0.000672817230225 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libpff.sls: libpff: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libpff', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libpff.sls' using 'yaml' renderer: 0.000554084777832 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libpff-dev.sls' to resolve 'salt://sift/packages/libpff-dev.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libpff-dev.sls' to resolve 'salt://sift/packages/libpff-dev.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libpff-dev.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libpff-dev.sls' using 'jinja' renderer: 0.000864028930664 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libpff-dev.sls: libpff-dev: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libpff-dev', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libpff-dev.sls' using 'yaml' renderer: 0.000591039657593 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libpff-python.sls' to resolve 'salt://sift/packages/libpff-python.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libpff-python.sls' to resolve 'salt://sift/packages/libpff-python.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libpff-python.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libpff-python.sls' using 'jinja' renderer: 0.000770092010498 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libpff-python.sls: libpff-python: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libpff-python', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libpff-python.sls' using 'yaml' renderer: 0.000631093978882 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libpff-tools.sls' to resolve 'salt://sift/packages/libpff-tools.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libpff-tools.sls' to resolve 'salt://sift/packages/libpff-tools.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libpff-tools.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libpff-tools.sls' using 'jinja' renderer: 0.000792980194092 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libpff-tools.sls: libpff-tools: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libpff-tools', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libpff-tools.sls' using 'yaml' renderer: 0.000553846359253 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libplist-utils.sls' to resolve 'salt://sift/packages/libplist-utils.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libplist-utils.sls' to resolve 'salt://sift/packages/libplist-utils.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libplist-utils.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libplist-utils.sls' using 'jinja' renderer: 0.000733137130737 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libplist-utils.sls: sift-package-libplist-utils: pkg.installed: - name: libplist-utils # [DEBUG ] Results of YAML rendering: OrderedDict([('sift-package-libplist-utils', OrderedDict([('pkg.installed', [OrderedDict([('name', 'libplist-utils')])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libplist-utils.sls' using 'yaml' renderer: 0.000900983810425 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libregf.sls' to resolve 'salt://sift/packages/libregf.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libregf.sls' to resolve 'salt://sift/packages/libregf.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libregf.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libregf.sls' using 'jinja' renderer: 0.00066614151001 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libregf.sls: libregf: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libregf', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libregf.sls' using 'yaml' renderer: 0.000495910644531 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libregf-dev.sls' to resolve 'salt://sift/packages/libregf-dev.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libregf-dev.sls' to resolve 'salt://sift/packages/libregf-dev.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libregf-dev.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libregf-dev.sls' using 'jinja' renderer: 0.000654935836792 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libregf-dev.sls: libregf-dev: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libregf-dev', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libregf-dev.sls' using 'yaml' renderer: 0.00049901008606 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libregf-python.sls' to resolve 'salt://sift/packages/libregf-python.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libregf-python.sls' to resolve 'salt://sift/packages/libregf-python.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libregf-python.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libregf-python.sls' using 'jinja' renderer: 0.00109386444092 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libregf-python.sls: libregf-python: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libregf-python', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libregf-python.sls' using 'yaml' renderer: 0.000604152679443 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libregf-tools.sls' to resolve 'salt://sift/packages/libregf-tools.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libregf-tools.sls' to resolve 'salt://sift/packages/libregf-tools.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libregf-tools.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libregf-tools.sls' using 'jinja' renderer: 0.000818014144897 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libregf-tools.sls: libregf-tools: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libregf-tools', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libregf-tools.sls' using 'yaml' renderer: 0.000553131103516 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libssl-dev.sls' to resolve 'salt://sift/packages/libssl-dev.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libssl-dev.sls' to resolve 'salt://sift/packages/libssl-dev.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libssl-dev.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libssl-dev.sls' using 'jinja' renderer: 0.000667095184326 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libssl-dev.sls: libssl-dev: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libssl-dev', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libssl-dev.sls' using 'yaml' renderer: 0.000521898269653 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libtext-csv-perl.sls' to resolve 'salt://sift/packages/libtext-csv-perl.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libtext-csv-perl.sls' to resolve 'salt://sift/packages/libtext-csv-perl.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libtext-csv-perl.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libtext-csv-perl.sls' using 'jinja' renderer: 0.000642061233521 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libtext-csv-perl.sls: libtext-csv-perl: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libtext-csv-perl', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libtext-csv-perl.sls' using 'yaml' renderer: 0.000500917434692 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libvmdk.sls' to resolve 'salt://sift/packages/libvmdk.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libvmdk.sls' to resolve 'salt://sift/packages/libvmdk.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libvmdk.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libvmdk.sls' using 'jinja' renderer: 0.00064492225647 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libvmdk.sls: libvmdk: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libvmdk', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libvmdk.sls' using 'yaml' renderer: 0.000494003295898 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libvshadow.sls' to resolve 'salt://sift/packages/libvshadow.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libvshadow.sls' to resolve 'salt://sift/packages/libvshadow.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libvshadow.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libvshadow.sls' using 'jinja' renderer: 0.000684022903442 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libvshadow.sls: libvshadow: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libvshadow', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libvshadow.sls' using 'yaml' renderer: 0.000503063201904 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libvshadow-dev.sls' to resolve 'salt://sift/packages/libvshadow-dev.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libvshadow-dev.sls' to resolve 'salt://sift/packages/libvshadow-dev.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libvshadow-dev.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libvshadow-dev.sls' using 'jinja' renderer: 0.000709056854248 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libvshadow-dev.sls: libvshadow-dev: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libvshadow-dev', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libvshadow-dev.sls' using 'yaml' renderer: 0.000563144683838 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libvshadow-python.sls' to resolve 'salt://sift/packages/libvshadow-python.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libvshadow-python.sls' to resolve 'salt://sift/packages/libvshadow-python.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libvshadow-python.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libvshadow-python.sls' using 'jinja' renderer: 0.00071907043457 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libvshadow-python.sls: libvshadow-python: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libvshadow-python', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libvshadow-python.sls' using 'yaml' renderer: 0.000533103942871 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libvshadow-tools.sls' to resolve 'salt://sift/packages/libvshadow-tools.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libvshadow-tools.sls' to resolve 'salt://sift/packages/libvshadow-tools.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libvshadow-tools.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libvshadow-tools.sls' using 'jinja' renderer: 0.000676870346069 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libvshadow-tools.sls: libvshadow-tools: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libvshadow-tools', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libvshadow-tools.sls' using 'yaml' renderer: 0.000507116317749 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libxml2-dev.sls' to resolve 'salt://sift/packages/libxml2-dev.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libxml2-dev.sls' to resolve 'salt://sift/packages/libxml2-dev.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libxml2-dev.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libxml2-dev.sls' using 'jinja' renderer: 0.000641107559204 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libxml2-dev.sls: libxml2-dev: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libxml2-dev', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libxml2-dev.sls' using 'yaml' renderer: 0.000492095947266 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libxslt-dev.sls' to resolve 'salt://sift/packages/libxslt-dev.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libxslt-dev.sls' to resolve 'salt://sift/packages/libxslt-dev.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libxslt-dev.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libxslt-dev.sls' using 'jinja' renderer: 0.000646114349365 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libxslt-dev.sls: libxslt-dev: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libxslt-dev', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libxslt-dev.sls' using 'yaml' renderer: 0.000502109527588 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/md5deep.sls' to resolve 'salt://sift/packages/md5deep.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/md5deep.sls' to resolve 'salt://sift/packages/md5deep.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/md5deep.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/md5deep.sls' using 'jinja' renderer: 0.000680923461914 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/md5deep.sls: md5deep: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('md5deep', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/md5deep.sls' using 'yaml' renderer: 0.000496864318848 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/nbd-client.sls' to resolve 'salt://sift/packages/nbd-client.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/nbd-client.sls' to resolve 'salt://sift/packages/nbd-client.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/nbd-client.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/nbd-client.sls' using 'jinja' renderer: 0.000842094421387 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/nbd-client.sls: nbd-client: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('nbd-client', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/nbd-client.sls' using 'yaml' renderer: 0.000578165054321 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/nbtscan.sls' to resolve 'salt://sift/packages/nbtscan.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/nbtscan.sls' to resolve 'salt://sift/packages/nbtscan.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/nbtscan.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/nbtscan.sls' using 'jinja' renderer: 0.000655174255371 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/nbtscan.sls: nbtscan: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('nbtscan', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/nbtscan.sls' using 'yaml' renderer: 0.000491142272949 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/netcat.sls' to resolve 'salt://sift/packages/netcat.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/netcat.sls' to resolve 'salt://sift/packages/netcat.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/netcat.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/netcat.sls' using 'jinja' renderer: 0.000648975372314 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/netcat.sls: netcat: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('netcat', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/netcat.sls' using 'yaml' renderer: 0.00049901008606 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/netpbm.sls' to resolve 'salt://sift/packages/netpbm.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/netpbm.sls' to resolve 'salt://sift/packages/netpbm.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/netpbm.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/netpbm.sls' using 'jinja' renderer: 0.000638961791992 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/netpbm.sls: netpbm: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('netpbm', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/netpbm.sls' using 'yaml' renderer: 0.000495910644531 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/netsed.sls' to resolve 'salt://sift/packages/netsed.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/netsed.sls' to resolve 'salt://sift/packages/netsed.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/netsed.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/netsed.sls' using 'jinja' renderer: 0.000671863555908 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/netsed.sls: netsed: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('netsed', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/netsed.sls' using 'yaml' renderer: 0.000530958175659 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/netwox.sls' to resolve 'salt://sift/packages/netwox.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/netwox.sls' to resolve 'salt://sift/packages/netwox.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/netwox.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/netwox.sls' using 'jinja' renderer: 0.00110912322998 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/netwox.sls: netwox: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('netwox', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/netwox.sls' using 'yaml' renderer: 0.00055980682373 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/nfdump.sls' to resolve 'salt://sift/packages/nfdump.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/nfdump.sls' to resolve 'salt://sift/packages/nfdump.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/nfdump.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/nfdump.sls' using 'jinja' renderer: 0.000757932662964 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/nfdump.sls: nfdump: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('nfdump', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/nfdump.sls' using 'yaml' renderer: 0.000524997711182 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/ngrep.sls' to resolve 'salt://sift/packages/ngrep.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/ngrep.sls' to resolve 'salt://sift/packages/ngrep.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/ngrep.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ngrep.sls' using 'jinja' renderer: 0.000653982162476 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/ngrep.sls: ngrep: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('ngrep', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ngrep.sls' using 'yaml' renderer: 0.000491857528687 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/nikto.sls' to resolve 'salt://sift/packages/nikto.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/nikto.sls' to resolve 'salt://sift/packages/nikto.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/nikto.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/nikto.sls' using 'jinja' renderer: 0.000695943832397 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/nikto.sls: include: - sift.repos.ubuntu-multiverse sift-nikto: pkg.installed: - name: nikto - require: - sls: sift.repos.ubuntu-multiverse # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.repos.ubuntu-multiverse']), ('sift-nikto', OrderedDict([('pkg.installed', [OrderedDict([('name', 'nikto')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.repos.ubuntu-multiverse')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/nikto.sls' using 'yaml' renderer: 0.0014910697937 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/okular.sls' to resolve 'salt://sift/packages/okular.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/okular.sls' to resolve 'salt://sift/packages/okular.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/okular.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/okular.sls' using 'jinja' renderer: 0.000662088394165 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/okular.sls: okular: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('okular', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/okular.sls' using 'yaml' renderer: 0.000488996505737 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/open-iscsi.sls' to resolve 'salt://sift/packages/open-iscsi.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/open-iscsi.sls' to resolve 'salt://sift/packages/open-iscsi.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/open-iscsi.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/open-iscsi.sls' using 'jinja' renderer: 0.000642061233521 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/open-iscsi.sls: open-iscsi: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('open-iscsi', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/open-iscsi.sls' using 'yaml' renderer: 0.000504016876221 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/openjdk.sls' to resolve 'salt://sift/packages/openjdk.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/openjdk.sls' to resolve 'salt://sift/packages/openjdk.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/openjdk.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/openjdk.sls' using 'jinja' renderer: 0.0023820400238 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/openjdk.sls: include: - ..repos.openjdk openjdk: pkg.installed: - name: openjdk-7-jdk - require: - pkgrepo: openjdk-repo # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..repos.openjdk']), ('openjdk', OrderedDict([('pkg.installed', [OrderedDict([('name', 'openjdk-7-jdk')]), OrderedDict([('require', [OrderedDict([('pkgrepo', 'openjdk-repo')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/openjdk.sls' using 'yaml' renderer: 0.00156807899475 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/ophcrack.sls' to resolve 'salt://sift/packages/ophcrack.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/ophcrack.sls' to resolve 'salt://sift/packages/ophcrack.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/ophcrack.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ophcrack.sls' using 'jinja' renderer: 0.000684976577759 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/ophcrack.sls: ophcrack: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('ophcrack', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ophcrack.sls' using 'yaml' renderer: 0.000486135482788 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/ophcrack-cli.sls' to resolve 'salt://sift/packages/ophcrack-cli.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/ophcrack-cli.sls' to resolve 'salt://sift/packages/ophcrack-cli.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/ophcrack-cli.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ophcrack-cli.sls' using 'jinja' renderer: 0.00064492225647 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/ophcrack-cli.sls: ophcrack-cli: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('ophcrack-cli', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ophcrack-cli.sls' using 'yaml' renderer: 0.000499963760376 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/outguess.sls' to resolve 'salt://sift/packages/outguess.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/outguess.sls' to resolve 'salt://sift/packages/outguess.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/outguess.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/outguess.sls' using 'jinja' renderer: 0.000637054443359 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/outguess.sls: outguess: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('outguess', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/outguess.sls' using 'yaml' renderer: 0.000493049621582 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/p0f.sls' to resolve 'salt://sift/packages/p0f.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/p0f.sls' to resolve 'salt://sift/packages/p0f.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/p0f.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/p0f.sls' using 'jinja' renderer: 0.000654935836792 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/p0f.sls: p0f: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('p0f', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/p0f.sls' using 'yaml' renderer: 0.000532150268555 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/p7zip-full.sls' to resolve 'salt://sift/packages/p7zip-full.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/p7zip-full.sls' to resolve 'salt://sift/packages/p7zip-full.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/p7zip-full.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/p7zip-full.sls' using 'jinja' renderer: 0.000737905502319 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/p7zip-full.sls: p7zip-full: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('p7zip-full', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/p7zip-full.sls' using 'yaml' renderer: 0.000538110733032 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/pdftk.sls' to resolve 'salt://sift/packages/pdftk.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/pdftk.sls' to resolve 'salt://sift/packages/pdftk.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/pdftk.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/pdftk.sls' using 'jinja' renderer: 0.000662088394165 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/pdftk.sls: pdftk: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('pdftk', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/pdftk.sls' using 'yaml' renderer: 0.00049877166748 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/perl.sls' to resolve 'salt://sift/packages/perl.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/perl.sls' to resolve 'salt://sift/packages/perl.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/perl.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/perl.sls' using 'jinja' renderer: 0.000732183456421 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/perl.sls: sift-package-perl: pkg.installed: - name: perl sift-package-perl-cpan-configure: cmd.wait: - name: perl -MCPAN -e 'my $c = "CPAN::HandleConfig"; $c->load(doit => 1, autoconfig => 1); $c->edit(prerequisites_policy => "follow"); $c->edit(build_requires_install_policy => "yes"); $c->commit' - watch: - pkg: sift-package-perl # [DEBUG ] Results of YAML rendering: OrderedDict([('sift-package-perl', OrderedDict([('pkg.installed', [OrderedDict([('name', 'perl')])])])), ('sift-package-perl-cpan-configure', OrderedDict([('cmd.wait', [OrderedDict([('name', 'perl -MCPAN -e \'my $c = "CPAN::HandleConfig"; $c->load(doit => 1, autoconfig => 1); $c->edit(prerequisites_policy => "follow"); $c->edit(build_requires_install_policy => "yes"); $c->commit\'')]), OrderedDict([('watch', [OrderedDict([('pkg', 'sift-package-perl')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/perl.sls' using 'yaml' renderer: 0.00243282318115 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/pev.sls' to resolve 'salt://sift/packages/pev.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/pev.sls' to resolve 'salt://sift/packages/pev.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/pev.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/pev.sls' using 'jinja' renderer: 0.000646114349365 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/pev.sls: pev: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('pev', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/pev.sls' using 'yaml' renderer: 0.000492095947266 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/phonon.sls' to resolve 'salt://sift/packages/phonon.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/phonon.sls' to resolve 'salt://sift/packages/phonon.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/phonon.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/phonon.sls' using 'jinja' renderer: 0.00070595741272 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/phonon.sls: phonon: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('phonon', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/phonon.sls' using 'yaml' renderer: 0.000557899475098 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/pkg-config.sls' to resolve 'salt://sift/packages/pkg-config.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/pkg-config.sls' to resolve 'salt://sift/packages/pkg-config.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/pkg-config.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/pkg-config.sls' using 'jinja' renderer: 0.000761985778809 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/pkg-config.sls: pkg-config: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('pkg-config', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/pkg-config.sls' using 'yaml' renderer: 0.000530958175659 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/powershell.sls' to resolve 'salt://sift/packages/powershell.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/powershell.sls' to resolve 'salt://sift/packages/powershell.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/powershell.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/powershell.sls' using 'jinja' renderer: 0.00234484672546 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/powershell.sls: sift-powershell-source: file.managed: - name: /var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb - source: "https://github.com/Powershell/Powershell/releases/download/v6.0.0-alpha.13/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb" - source_hash: sha256=719fc2d42486f4fe123156e9b4380929c6dd28cb6ccbf928ba746020c1caea58 - makedirs: True sift-powershell: pkg.installed: - sources: - powershell: /var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb - watch: - file: sift-powershell-source # [DEBUG ] Results of YAML rendering: OrderedDict([('sift-powershell-source', OrderedDict([('file.managed', [OrderedDict([('name', '/var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb')]), OrderedDict([('source', 'https://github.com/Powershell/Powershell/releases/download/v6.0.0-alpha.13/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb')]), OrderedDict([('source_hash', 'sha256=719fc2d42486f4fe123156e9b4380929c6dd28cb6ccbf928ba746020c1caea58')]), OrderedDict([('makedirs', True)])])])), ('sift-powershell', OrderedDict([('pkg.installed', [OrderedDict([('sources', [OrderedDict([('powershell', '/var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb')])])]), OrderedDict([('watch', [OrderedDict([('file', 'sift-powershell-source')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/powershell.sls' using 'yaml' renderer: 0.00292110443115 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/pv.sls' to resolve 'salt://sift/packages/pv.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/pv.sls' to resolve 'salt://sift/packages/pv.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/pv.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/pv.sls' using 'jinja' renderer: 0.000654935836792 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/pv.sls: pv: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('pv', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/pv.sls' using 'yaml' renderer: 0.000493049621582 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/pyew.sls' to resolve 'salt://sift/packages/pyew.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/pyew.sls' to resolve 'salt://sift/packages/pyew.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/pyew.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/pyew.sls' using 'jinja' renderer: 0.000663995742798 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/pyew.sls: pyew: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('pyew', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/pyew.sls' using 'yaml' renderer: 0.000564813613892 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python.sls' to resolve 'salt://sift/packages/python.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python.sls' to resolve 'salt://sift/packages/python.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python.sls' using 'jinja' renderer: 0.000773906707764 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python.sls: python: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('python', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python.sls' using 'yaml' renderer: 0.000525951385498 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-dev.sls' to resolve 'salt://sift/packages/python-dev.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-dev.sls' to resolve 'salt://sift/packages/python-dev.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-dev.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-dev.sls' using 'jinja' renderer: 0.000645875930786 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-dev.sls: python-dev: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('python-dev', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-dev.sls' using 'yaml' renderer: 0.000492095947266 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-dfvfs.sls' to resolve 'salt://sift/packages/python-dfvfs.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-dfvfs.sls' to resolve 'salt://sift/packages/python-dfvfs.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-dfvfs.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-dfvfs.sls' using 'jinja' renderer: 0.000710964202881 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-dfvfs.sls: include: - ..repos.sift - ..repos.gift python-dfvfs: pkg.installed: - name: python-dfvfs - version: 20160108-1ppa1~xenial - hold: True - require: - pkgrepo: sift-repo - pkgrepo: sift-gift-repo # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..repos.sift', '..repos.gift']), ('python-dfvfs', OrderedDict([('pkg.installed', [OrderedDict([('name', 'python-dfvfs')]), OrderedDict([('version', '20160108-1ppa1~xenial')]), OrderedDict([('hold', True)]), OrderedDict([('require', [OrderedDict([('pkgrepo', 'sift-repo')]), OrderedDict([('pkgrepo', 'sift-gift-repo')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-dfvfs.sls' using 'yaml' renderer: 0.00224804878235 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-flowgrep.sls' to resolve 'salt://sift/packages/python-flowgrep.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-flowgrep.sls' to resolve 'salt://sift/packages/python-flowgrep.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-flowgrep.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-flowgrep.sls' using 'jinja' renderer: 0.000643014907837 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-flowgrep.sls: python-flowgrep: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('python-flowgrep', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-flowgrep.sls' using 'yaml' renderer: 0.000489950180054 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-fuse.sls' to resolve 'salt://sift/packages/python-fuse.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-fuse.sls' to resolve 'salt://sift/packages/python-fuse.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-fuse.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-fuse.sls' using 'jinja' renderer: 0.000669956207275 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-fuse.sls: python-fuse: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('python-fuse', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-fuse.sls' using 'yaml' renderer: 0.000580787658691 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-nids.sls' to resolve 'salt://sift/packages/python-nids.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-nids.sls' to resolve 'salt://sift/packages/python-nids.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-nids.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-nids.sls' using 'jinja' renderer: 0.000783920288086 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-nids.sls: python-nids: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('python-nids', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-nids.sls' using 'yaml' renderer: 0.000535011291504 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-ntdsxtract.sls' to resolve 'salt://sift/packages/python-ntdsxtract.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-ntdsxtract.sls' to resolve 'salt://sift/packages/python-ntdsxtract.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-ntdsxtract.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-ntdsxtract.sls' using 'jinja' renderer: 0.00106906890869 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-ntdsxtract.sls: python-ntdsxtract: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('python-ntdsxtract', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-ntdsxtract.sls' using 'yaml' renderer: 0.000511884689331 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-pefile.sls' to resolve 'salt://sift/packages/python-pefile.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-pefile.sls' to resolve 'salt://sift/packages/python-pefile.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-pefile.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-pefile.sls' using 'jinja' renderer: 0.000646114349365 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-pefile.sls: python-pefile: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('python-pefile', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-pefile.sls' using 'yaml' renderer: 0.000501155853271 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-pip.sls' to resolve 'salt://sift/packages/python-pip.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-pip.sls' to resolve 'salt://sift/packages/python-pip.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-pip.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-pip.sls' using 'jinja' renderer: 0.000653028488159 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-pip.sls: include: - .python python-pip: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['.python']), ('python-pip', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-pip.sls' using 'yaml' renderer: 0.000722885131836 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-plaso.sls' to resolve 'salt://sift/packages/python-plaso.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-plaso.sls' to resolve 'salt://sift/packages/python-plaso.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-plaso.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-plaso.sls' using 'jinja' renderer: 0.000756978988647 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-plaso.sls: include: - ..repos.sift - ..repos.gift - sift.packages.python-xlsxwriter - sift.packages.python-dfvfs python-plaso: pkg.installed: - name: python-plaso - version: 1.4.0-1ppa3~xenial - hold: True - require: - pkgrepo: sift-repo - pkgrepo: sift-gift-repo - sls: sift.packages.python-xlsxwriter - sls: sift.packages.python-dfvfs # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..repos.sift', '..repos.gift', 'sift.packages.python-xlsxwriter', 'sift.packages.python-dfvfs']), ('python-plaso', OrderedDict([('pkg.installed', [OrderedDict([('name', 'python-plaso')]), OrderedDict([('version', '1.4.0-1ppa3~xenial')]), OrderedDict([('hold', True)]), OrderedDict([('require', [OrderedDict([('pkgrepo', 'sift-repo')]), OrderedDict([('pkgrepo', 'sift-gift-repo')]), OrderedDict([('sls', 'sift.packages.python-xlsxwriter')]), OrderedDict([('sls', 'sift.packages.python-dfvfs')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-plaso.sls' using 'yaml' renderer: 0.00296902656555 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-xlsxwriter.sls' to resolve 'salt://sift/packages/python-xlsxwriter.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-xlsxwriter.sls' to resolve 'salt://sift/packages/python-xlsxwriter.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-xlsxwriter.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-xlsxwriter.sls' using 'jinja' renderer: 0.00100302696228 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-xlsxwriter.sls: sift-python3-xlsxwriter: pkg.removed: - name: python3-xlsxwriter sift-python-xlsxwriter: pkg.installed: - name: python-xlsxwriter # [DEBUG ] Results of YAML rendering: OrderedDict([('sift-python3-xlsxwriter', OrderedDict([('pkg.removed', [OrderedDict([('name', 'python3-xlsxwriter')])])])), ('sift-python-xlsxwriter', OrderedDict([('pkg.installed', [OrderedDict([('name', 'python-xlsxwriter')])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-xlsxwriter.sls' using 'yaml' renderer: 0.00143194198608 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-pytsk3.sls' to resolve 'salt://sift/packages/python-pytsk3.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-pytsk3.sls' to resolve 'salt://sift/packages/python-pytsk3.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-pytsk3.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-pytsk3.sls' using 'jinja' renderer: 0.000776052474976 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-pytsk3.sls: pytsk3-removed: pkg.removed: - name: pytsk3 pytsk3: pkg.installed: - name: python-pytsk3 - required: - pkg: pytsk3-removed # [DEBUG ] Results of YAML rendering: OrderedDict([('pytsk3-removed', OrderedDict([('pkg.removed', [OrderedDict([('name', 'pytsk3')])])])), ('pytsk3', OrderedDict([('pkg.installed', [OrderedDict([('name', 'python-pytsk3')]), OrderedDict([('required', [OrderedDict([('pkg', 'pytsk3-removed')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-pytsk3.sls' using 'yaml' renderer: 0.00182390213013 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-qt4.sls' to resolve 'salt://sift/packages/python-qt4.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-qt4.sls' to resolve 'salt://sift/packages/python-qt4.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-qt4.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-qt4.sls' using 'jinja' renderer: 0.000686168670654 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-qt4.sls: python-qt4: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('python-qt4', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-qt4.sls' using 'yaml' renderer: 0.000514984130859 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-tk.sls' to resolve 'salt://sift/packages/python-tk.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-tk.sls' to resolve 'salt://sift/packages/python-tk.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-tk.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-tk.sls' using 'jinja' renderer: 0.000648975372314 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-tk.sls: python-tk: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('python-tk', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-tk.sls' using 'yaml' renderer: 0.000515937805176 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-virtualenv.sls' to resolve 'salt://sift/packages/python-virtualenv.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-virtualenv.sls' to resolve 'salt://sift/packages/python-virtualenv.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-virtualenv.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-virtualenv.sls' using 'jinja' renderer: 0.000785112380981 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-virtualenv.sls: python-virtualenv: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('python-virtualenv', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-virtualenv.sls' using 'yaml' renderer: 0.000570058822632 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-volatility.sls' to resolve 'salt://sift/packages/python-volatility.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-volatility.sls' to resolve 'salt://sift/packages/python-volatility.sls' # [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/python-volatility.sls' # [DEBUG ] No dest file found # [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/python-volatility.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-volatility.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-volatility.sls' using 'jinja' renderer: 0.00340414047241 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-volatility.sls: include: - ..repos.sift - .git - sift.python-packages.colorama - sift.python-packages.construct - sift.python-packages.dpapick - sift.python-packages.distorm3 - sift.python-packages.haystack - sift.python-packages.ioc_writer - sift.python-packages.lxml - sift.python-packages.pefile - sift.python-packages.pycoin - sift.python-packages.pysocks - sift.python-packages.simplejson - sift.python-packages.yara-python python-volatility: pkg.installed: - name: python-volatility - require: - pkgrepo: sift-repo python-volatility-community-plugins: git.latest: - name: https://github.com/sans-dfir/volatility-plugins-community.git - target: /usr/lib/python2.7/dist-packages/volatility/plugins/community - user: root - rev: acc4319 - force_clone: True - force_reset: True - require: - pkg: git - pkg: python-volatility - sls: sift.python-packages.colorama - sls: sift.python-packages.construct - sls: sift.python-packages.dpapick - sls: sift.python-packages.distorm3 - sls: sift.python-packages.haystack - sls: sift.python-packages.ioc_writer - sls: sift.python-packages.lxml - sls: sift.python-packages.pefile - sls: sift.python-packages.pycoin - sls: sift.python-packages.pysocks - sls: sift.python-packages.simplejson - sls: sift.python-packages.yara-python python-volatility-sift-plugins: file.recurse: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/sift/ - source: salt://sift/files/volatility - makedirs: True - file_mode: 644 - include_pat: '*.py' - watch: - pkg: python-volatility python-volatility-plugins-malprocfind.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/malprocfind.py - watch: - pkg: python-volatility python-volatility-plugins-idxparser.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/idxparser.py - watch: - pkg: python-volatility python-volatility-plugins-chromehistory.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/chromehistory.py - watch: - pkg: python-volatility python-volatility-plugins-mimikatz.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/mimikatz.py - watch: - pkg: python-volatility python-volatility-plugins-openioc_scan.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/openioc_scan.py - watch: - pkg: python-volatility python-volatility-plugins-pstotal.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/pstotal.py - watch: - pkg: python-volatility python-volatility-plugins-firefoxhistory.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/firefoxhistory.py - watch: - pkg: python-volatility python-volatility-plugins-autoruns.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/autoruns.py - watch: - pkg: python-volatility python-volatility-plugins-malfinddeep.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/malfinddeep.py - watch: - pkg: python-volatility python-volatility-plugins-prefetch.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/prefetch.py - watch: - pkg: python-volatility python-volatility-plugins-baseline.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/baseline.py - watch: - pkg: python-volatility python-volatility-plugins-ssdeepscan.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/ssdeepscan.py - watch: - pkg: python-volatility python-volatility-plugins-uninstallinfo.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/uninstallinfo.py - watch: - pkg: python-volatility python-volatility-plugins-trustrecords.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/trustrecords.py - watch: - pkg: python-volatility python-volatility-plugins-usnparser.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/usnparser.py - watch: - pkg: python-volatility python-volatility-plugins-apihooksdeep.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/apihooksdeep.py - watch: - pkg: python-volatility python-volatility-plugins-editbox.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/editbox.py - watch: - pkg: python-volatility python-volatility-plugins-javarat.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/javarat.py - watch: - pkg: python-volatility # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..repos.sift', '.git', 'sift.python-packages.colorama', 'sift.python-packages.construct', 'sift.python-packages.dpapick', 'sift.python-packages.distorm3', 'sift.python-packages.haystack', 'sift.python-packages.ioc_writer', 'sift.python-packages.lxml', 'sift.python-packages.pefile', 'sift.python-packages.pycoin', 'sift.python-packages.pysocks', 'sift.python-packages.simplejson', 'sift.python-packages.yara-python']), ('python-volatility', OrderedDict([('pkg.installed', [OrderedDict([('name', 'python-volatility')]), OrderedDict([('require', [OrderedDict([('pkgrepo', 'sift-repo')])])])])])), ('python-volatility-community-plugins', OrderedDict([('git.latest', [OrderedDict([('name', 'https://github.com/sans-dfir/volatility-plugins-community.git')]), OrderedDict([('target', '/usr/lib/python2.7/dist-packages/volatility/plugins/community')]), OrderedDict([('user', 'root')]), OrderedDict([('rev', 'acc4319')]), OrderedDict([('force_clone', True)]), OrderedDict([('force_reset', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'git')]), OrderedDict([('pkg', 'python-volatility')]), OrderedDict([('sls', 'sift.python-packages.colorama')]), OrderedDict([('sls', 'sift.python-packages.construct')]), OrderedDict([('sls', 'sift.python-packages.dpapick')]), OrderedDict([('sls', 'sift.python-packages.distorm3')]), OrderedDict([('sls', 'sift.python-packages.haystack')]), OrderedDict([('sls', 'sift.python-packages.ioc_writer')]), OrderedDict([('sls', 'sift.python-packages.lxml')]), OrderedDict([('sls', 'sift.python-packages.pefile')]), OrderedDict([('sls', 'sift.python-packages.pycoin')]), OrderedDict([('sls', 'sift.python-packages.pysocks')]), OrderedDict([('sls', 'sift.python-packages.simplejson')]), OrderedDict([('sls', 'sift.python-packages.yara-python')])])])])])), ('python-volatility-sift-plugins', OrderedDict([('file.recurse', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/sift/')]), OrderedDict([('source', 'salt://sift/files/volatility')]), OrderedDict([('makedirs', True)]), OrderedDict([('file_mode', 644)]), OrderedDict([('include_pat', '*.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-malprocfind.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/malprocfind.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-idxparser.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/idxparser.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-chromehistory.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/chromehistory.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-mimikatz.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/mimikatz.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-openioc_scan.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/openioc_scan.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-pstotal.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/pstotal.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-firefoxhistory.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/firefoxhistory.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-autoruns.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/autoruns.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-malfinddeep.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/malfinddeep.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-prefetch.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/prefetch.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-baseline.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/baseline.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-ssdeepscan.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/ssdeepscan.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-uninstallinfo.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/uninstallinfo.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-trustrecords.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/trustrecords.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-usnparser.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/usnparser.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-apihooksdeep.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/apihooksdeep.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-editbox.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/editbox.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-javarat.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/javarat.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-volatility.sls' using 'yaml' renderer: 0.0283379554749 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/colorama.sls' to resolve 'salt://sift/python-packages/colorama.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/colorama.sls' to resolve 'salt://sift/python-packages/colorama.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/colorama.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/colorama.sls' using 'jinja' renderer: 0.000842094421387 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/colorama.sls: include: - ..packages.python-pip colorama: pip.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('colorama', 'pip.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/colorama.sls' using 'yaml' renderer: 0.000894069671631 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/construct.sls' to resolve 'salt://sift/python-packages/construct.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/construct.sls' to resolve 'salt://sift/python-packages/construct.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/construct.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/construct.sls' using 'jinja' renderer: 0.000688076019287 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/construct.sls: include: - ..packages.python-pip construct: pip.installed: - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('construct', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/construct.sls' using 'yaml' renderer: 0.00124907493591 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/dpapick.sls' to resolve 'salt://sift/python-packages/dpapick.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/dpapick.sls' to resolve 'salt://sift/python-packages/dpapick.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/dpapick.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/dpapick.sls' using 'jinja' renderer: 0.00073504447937 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/dpapick.sls: # Note: not included in init.sls, only required by python-volatility include: - ..packages.python-pip - sift.packages.libssl-dev dpapick: pip.installed: - name: dpapick - upgrade: True - require: - pkg: python-pip - sls: sift.packages.libssl-dev # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip', 'sift.packages.libssl-dev']), ('dpapick', OrderedDict([('pip.installed', [OrderedDict([('name', 'dpapick')]), OrderedDict([('upgrade', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')]), OrderedDict([('sls', 'sift.packages.libssl-dev')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/dpapick.sls' using 'yaml' renderer: 0.00211000442505 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/distorm3.sls' to resolve 'salt://sift/python-packages/distorm3.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/distorm3.sls' to resolve 'salt://sift/python-packages/distorm3.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/distorm3.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/distorm3.sls' using 'jinja' renderer: 0.000857830047607 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/distorm3.sls: include: - ..packages.python-pip distorm3: pip.installed: - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('distorm3', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/distorm3.sls' using 'yaml' renderer: 0.00131297111511 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/haystack.sls' to resolve 'salt://sift/python-packages/haystack.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/haystack.sls' to resolve 'salt://sift/python-packages/haystack.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/haystack.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/haystack.sls' using 'jinja' renderer: 0.000738143920898 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/haystack.sls: # Note: not included in init.sls, only required by python-volatility include: - ..packages.python-pip haystack: pip.installed: - name: haystack - upgrade: True - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('haystack', OrderedDict([('pip.installed', [OrderedDict([('name', 'haystack')]), OrderedDict([('upgrade', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/haystack.sls' using 'yaml' renderer: 0.00178098678589 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/ioc_writer.sls' to resolve 'salt://sift/python-packages/ioc_writer.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/ioc_writer.sls' to resolve 'salt://sift/python-packages/ioc_writer.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/ioc_writer.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/ioc_writer.sls' using 'jinja' renderer: 0.000787973403931 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/ioc_writer.sls: include: - ..packages.python-pip - .lxml ioc_writer: pip.installed: - require: - pkg: python-pip - pip: lxml # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip', '.lxml']), ('ioc_writer', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')]), OrderedDict([('pip', 'lxml')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/ioc_writer.sls' using 'yaml' renderer: 0.00156402587891 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/lxml.sls' to resolve 'salt://sift/python-packages/lxml.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/lxml.sls' to resolve 'salt://sift/python-packages/lxml.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/lxml.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/lxml.sls' using 'jinja' renderer: 0.000730991363525 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/lxml.sls: include: - ..packages.python-pip - ..packages.libxml2-dev - ..packages.libxslt-dev lxml: pip.installed: - require: - pkg: python-pip - pkg: libxml2-dev - pkg: libxslt-dev # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip', '..packages.libxml2-dev', '..packages.libxslt-dev']), ('lxml', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')]), OrderedDict([('pkg', 'libxml2-dev')]), OrderedDict([('pkg', 'libxslt-dev')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/lxml.sls' using 'yaml' renderer: 0.00196814537048 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/pefile.sls' to resolve 'salt://sift/python-packages/pefile.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/pefile.sls' to resolve 'salt://sift/python-packages/pefile.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/pefile.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/pefile.sls' using 'jinja' renderer: 0.000831127166748 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/pefile.sls: include: - ..packages.python-pip pefile: pip.installed: - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('pefile', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/pefile.sls' using 'yaml' renderer: 0.00129199028015 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/pycoin.sls' to resolve 'salt://sift/python-packages/pycoin.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/pycoin.sls' to resolve 'salt://sift/python-packages/pycoin.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/pycoin.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/pycoin.sls' using 'jinja' renderer: 0.000730991363525 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/pycoin.sls: # Note: not included in init.sls, only required by python-volatility include: - ..packages.python-pip pycoin: pip.installed: - name: pycoin - upgrade: True - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('pycoin', OrderedDict([('pip.installed', [OrderedDict([('name', 'pycoin')]), OrderedDict([('upgrade', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/pycoin.sls' using 'yaml' renderer: 0.00218796730042 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/pysocks.sls' to resolve 'salt://sift/python-packages/pysocks.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/pysocks.sls' to resolve 'salt://sift/python-packages/pysocks.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/pysocks.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/pysocks.sls' using 'jinja' renderer: 0.000679969787598 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/pysocks.sls: include: - ..packages.python-pip pysocks: pip.installed: - name: pysocks - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('pysocks', OrderedDict([('pip.installed', [OrderedDict([('name', 'pysocks')]), OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/pysocks.sls' using 'yaml' renderer: 0.00144791603088 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/simplejson.sls' to resolve 'salt://sift/python-packages/simplejson.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/simplejson.sls' to resolve 'salt://sift/python-packages/simplejson.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/simplejson.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/simplejson.sls' using 'jinja' renderer: 0.000753879547119 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/simplejson.sls: # Note: not included in init.sls, only required by python-volatility include: - ..packages.python-pip simplejson: pip.installed: - name: simplejson - upgrade: True - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('simplejson', OrderedDict([('pip.installed', [OrderedDict([('name', 'simplejson')]), OrderedDict([('upgrade', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/simplejson.sls' using 'yaml' renderer: 0.00203895568848 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/yara-python.sls' to resolve 'salt://sift/python-packages/yara-python.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/yara-python.sls' to resolve 'salt://sift/python-packages/yara-python.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/yara-python.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/yara-python.sls' using 'jinja' renderer: 0.000860929489136 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/yara-python.sls: # Note: not included in init.sls, only required by python-volatility include: - ..packages.python-pip yara-python: pip.installed: - name: yara-python - upgrade: True - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('yara-python', OrderedDict([('pip.installed', [OrderedDict([('name', 'yara-python')]), OrderedDict([('upgrade', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/yara-python.sls' using 'yaml' renderer: 0.00177001953125 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-yara.sls' to resolve 'salt://sift/packages/python-yara.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-yara.sls' to resolve 'salt://sift/packages/python-yara.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-yara.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-yara.sls' using 'jinja' renderer: 0.000668048858643 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-yara.sls: python-yara: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('python-yara', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-yara.sls' using 'yaml' renderer: 0.000497817993164 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/qemu.sls' to resolve 'salt://sift/packages/qemu.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/qemu.sls' to resolve 'salt://sift/packages/qemu.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/qemu.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/qemu.sls' using 'jinja' renderer: 0.000643968582153 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/qemu.sls: qemu: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('qemu', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/qemu.sls' using 'yaml' renderer: 0.000488996505737 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/qemu-utils.sls' to resolve 'salt://sift/packages/qemu-utils.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/qemu-utils.sls' to resolve 'salt://sift/packages/qemu-utils.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/qemu-utils.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/qemu-utils.sls' using 'jinja' renderer: 0.000646829605103 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/qemu-utils.sls: qemu-utils: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('qemu-utils', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/qemu-utils.sls' using 'yaml' renderer: 0.000494956970215 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/radare2.sls' to resolve 'salt://sift/packages/radare2.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/radare2.sls' to resolve 'salt://sift/packages/radare2.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/radare2.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/radare2.sls' using 'jinja' renderer: 0.000768899917603 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/radare2.sls: radare2: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('radare2', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/radare2.sls' using 'yaml' renderer: 0.000550985336304 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/rar.sls' to resolve 'salt://sift/packages/rar.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/rar.sls' to resolve 'salt://sift/packages/rar.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/rar.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/rar.sls' using 'jinja' renderer: 0.000756025314331 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/rar.sls: include: - sift.repos.ubuntu-multiverse sift-rar: pkg.installed: - name: rar - require: - sls: sift.repos.ubuntu-multiverse # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.repos.ubuntu-multiverse']), ('sift-rar', OrderedDict([('pkg.installed', [OrderedDict([('name', 'rar')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.repos.ubuntu-multiverse')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/rar.sls' using 'yaml' renderer: 0.00150203704834 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/readpst.sls' to resolve 'salt://sift/packages/readpst.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/readpst.sls' to resolve 'salt://sift/packages/readpst.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/readpst.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/readpst.sls' using 'jinja' renderer: 0.00067400932312 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/readpst.sls: readpst: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('readpst', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/readpst.sls' using 'yaml' renderer: 0.000494003295898 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/rsakeyfind.sls' to resolve 'salt://sift/packages/rsakeyfind.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/rsakeyfind.sls' to resolve 'salt://sift/packages/rsakeyfind.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/rsakeyfind.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/rsakeyfind.sls' using 'jinja' renderer: 0.00063419342041 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/rsakeyfind.sls: rsakeyfind: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('rsakeyfind', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/rsakeyfind.sls' using 'yaml' renderer: 0.000505924224854 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/safecopy.sls' to resolve 'salt://sift/packages/safecopy.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/safecopy.sls' to resolve 'salt://sift/packages/safecopy.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/safecopy.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/safecopy.sls' using 'jinja' renderer: 0.000639915466309 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/safecopy.sls: safecopy: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('safecopy', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/safecopy.sls' using 'yaml' renderer: 0.000486135482788 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/samba.sls' to resolve 'salt://sift/packages/samba.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/samba.sls' to resolve 'salt://sift/packages/samba.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/samba.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/samba.sls' using 'jinja' renderer: 0.000757932662964 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/samba.sls: samba: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('samba', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/samba.sls' using 'yaml' renderer: 0.000547170639038 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/samdump2.sls' to resolve 'salt://sift/packages/samdump2.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/samdump2.sls' to resolve 'salt://sift/packages/samdump2.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/samdump2.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/samdump2.sls' using 'jinja' renderer: 0.0010678768158 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/samdump2.sls: samdump2: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('samdump2', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/samdump2.sls' using 'yaml' renderer: 0.000505924224854 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/scalpel.sls' to resolve 'salt://sift/packages/scalpel.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/scalpel.sls' to resolve 'salt://sift/packages/scalpel.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/scalpel.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/scalpel.sls' using 'jinja' renderer: 0.000634908676147 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/scalpel.sls: scalpel: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('scalpel', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/scalpel.sls' using 'yaml' renderer: 0.000508069992065 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/sleuthkit.sls' to resolve 'salt://sift/packages/sleuthkit.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/sleuthkit.sls' to resolve 'salt://sift/packages/sleuthkit.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/sleuthkit.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/sleuthkit.sls' using 'jinja' renderer: 0.000640869140625 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/sleuthkit.sls: sleuthkit: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('sleuthkit', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/sleuthkit.sls' using 'yaml' renderer: 0.000483989715576 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/socat.sls' to resolve 'salt://sift/packages/socat.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/socat.sls' to resolve 'salt://sift/packages/socat.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/socat.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/socat.sls' using 'jinja' renderer: 0.000654935836792 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/socat.sls: socat: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('socat', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/socat.sls' using 'yaml' renderer: 0.00049901008606 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/ssdeep.sls' to resolve 'salt://sift/packages/ssdeep.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/ssdeep.sls' to resolve 'salt://sift/packages/ssdeep.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/ssdeep.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ssdeep.sls' using 'jinja' renderer: 0.000637054443359 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/ssdeep.sls: ssdeep: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('ssdeep', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ssdeep.sls' using 'yaml' renderer: 0.000494956970215 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/ssldump.sls' to resolve 'salt://sift/packages/ssldump.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/ssldump.sls' to resolve 'salt://sift/packages/ssldump.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/ssldump.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ssldump.sls' using 'jinja' renderer: 0.000731945037842 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/ssldump.sls: ssldump: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('ssldump', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ssldump.sls' using 'yaml' renderer: 0.000531911849976 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/sslsniff.sls' to resolve 'salt://sift/packages/sslsniff.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/sslsniff.sls' to resolve 'salt://sift/packages/sslsniff.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/sslsniff.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/sslsniff.sls' using 'jinja' renderer: 0.000680923461914 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/sslsniff.sls: sslsniff: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('sslsniff', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/sslsniff.sls' using 'yaml' renderer: 0.000507116317749 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/stunnel4.sls' to resolve 'salt://sift/packages/stunnel4.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/stunnel4.sls' to resolve 'salt://sift/packages/stunnel4.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/stunnel4.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/stunnel4.sls' using 'jinja' renderer: 0.000669956207275 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/stunnel4.sls: stunnel4: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('stunnel4', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/stunnel4.sls' using 'yaml' renderer: 0.000494003295898 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/system-config-samba.sls' to resolve 'salt://sift/packages/system-config-samba.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/system-config-samba.sls' to resolve 'salt://sift/packages/system-config-samba.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/system-config-samba.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/system-config-samba.sls' using 'jinja' renderer: 0.000679969787598 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/system-config-samba.sls: system-config-samba: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('system-config-samba', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/system-config-samba.sls' using 'yaml' renderer: 0.000514984130859 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/tcl.sls' to resolve 'salt://sift/packages/tcl.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/tcl.sls' to resolve 'salt://sift/packages/tcl.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/tcl.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcl.sls' using 'jinja' renderer: 0.000639915466309 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/tcl.sls: tcl: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('tcl', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcl.sls' using 'yaml' renderer: 0.000484943389893 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/tcpflow.sls' to resolve 'salt://sift/packages/tcpflow.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/tcpflow.sls' to resolve 'salt://sift/packages/tcpflow.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/tcpflow.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpflow.sls' using 'jinja' renderer: 0.000645875930786 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/tcpflow.sls: tcpflow: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('tcpflow', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpflow.sls' using 'yaml' renderer: 0.00052285194397 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/tcpick.sls' to resolve 'salt://sift/packages/tcpick.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/tcpick.sls' to resolve 'salt://sift/packages/tcpick.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/tcpick.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpick.sls' using 'jinja' renderer: 0.000755071640015 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/tcpick.sls: tcpick: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('tcpick', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpick.sls' using 'yaml' renderer: 0.000543117523193 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/tcpreplay.sls' to resolve 'salt://sift/packages/tcpreplay.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/tcpreplay.sls' to resolve 'salt://sift/packages/tcpreplay.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/tcpreplay.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpreplay.sls' using 'jinja' renderer: 0.000672101974487 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/tcpreplay.sls: tcpreplay: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('tcpreplay', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpreplay.sls' using 'yaml' renderer: 0.000490188598633 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/tcpslice.sls' to resolve 'salt://sift/packages/tcpslice.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/tcpslice.sls' to resolve 'salt://sift/packages/tcpslice.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/tcpslice.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpslice.sls' using 'jinja' renderer: 0.000652074813843 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/tcpslice.sls: tcpslice: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('tcpslice', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpslice.sls' using 'yaml' renderer: 0.000506162643433 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/tcpstat.sls' to resolve 'salt://sift/packages/tcpstat.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/tcpstat.sls' to resolve 'salt://sift/packages/tcpstat.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/tcpstat.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpstat.sls' using 'jinja' renderer: 0.000658988952637 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/tcpstat.sls: tcpstat: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('tcpstat', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpstat.sls' using 'yaml' renderer: 0.000565052032471 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/tcptrace.sls' to resolve 'salt://sift/packages/tcptrace.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/tcptrace.sls' to resolve 'salt://sift/packages/tcptrace.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/tcptrace.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcptrace.sls' using 'jinja' renderer: 0.00070595741272 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/tcptrace.sls: tcptrace: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('tcptrace', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcptrace.sls' using 'yaml' renderer: 0.000546932220459 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/tcptrack.sls' to resolve 'salt://sift/packages/tcptrack.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/tcptrack.sls' to resolve 'salt://sift/packages/tcptrack.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/tcptrack.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcptrack.sls' using 'jinja' renderer: 0.000702142715454 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/tcptrack.sls: tcptrack: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('tcptrack', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcptrack.sls' using 'yaml' renderer: 0.000555992126465 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/tcpxtract.sls' to resolve 'salt://sift/packages/tcpxtract.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/tcpxtract.sls' to resolve 'salt://sift/packages/tcpxtract.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/tcpxtract.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpxtract.sls' using 'jinja' renderer: 0.000705003738403 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/tcpxtract.sls: tcpxtract: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('tcpxtract', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpxtract.sls' using 'yaml' renderer: 0.000523805618286 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/testdisk.sls' to resolve 'salt://sift/packages/testdisk.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/testdisk.sls' to resolve 'salt://sift/packages/testdisk.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/testdisk.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/testdisk.sls' using 'jinja' renderer: 0.000705003738403 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/testdisk.sls: testdisk: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('testdisk', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/testdisk.sls' using 'yaml' renderer: 0.000500202178955 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/tofrodos.sls' to resolve 'salt://sift/packages/tofrodos.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/tofrodos.sls' to resolve 'salt://sift/packages/tofrodos.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/tofrodos.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tofrodos.sls' using 'jinja' renderer: 0.000647068023682 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/tofrodos.sls: tofrodos: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('tofrodos', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tofrodos.sls' using 'yaml' renderer: 0.00051212310791 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/transmission.sls' to resolve 'salt://sift/packages/transmission.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/transmission.sls' to resolve 'salt://sift/packages/transmission.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/transmission.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/transmission.sls' using 'jinja' renderer: 0.00109601020813 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/transmission.sls: transmission: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('transmission', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/transmission.sls' using 'yaml' renderer: 0.000496864318848 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/unity-control-center.sls' to resolve 'salt://sift/packages/unity-control-center.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/unity-control-center.sls' to resolve 'salt://sift/packages/unity-control-center.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/unity-control-center.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/unity-control-center.sls' using 'jinja' renderer: 0.000665903091431 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/unity-control-center.sls: unity-control-center: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('unity-control-center', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/unity-control-center.sls' using 'yaml' renderer: 0.00050687789917 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/unrar.sls' to resolve 'salt://sift/packages/unrar.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/unrar.sls' to resolve 'salt://sift/packages/unrar.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/unrar.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/unrar.sls' using 'jinja' renderer: 0.00088095664978 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/unrar.sls: include: - sift.repos.ubuntu-multiverse sift-unrar: pkg.installed: - name: unrar - require: - sls: sift.repos.ubuntu-multiverse # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.repos.ubuntu-multiverse']), ('sift-unrar', OrderedDict([('pkg.installed', [OrderedDict([('name', 'unrar')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.repos.ubuntu-multiverse')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/unrar.sls' using 'yaml' renderer: 0.00159192085266 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/upx-ucl.sls' to resolve 'salt://sift/packages/upx-ucl.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/upx-ucl.sls' to resolve 'salt://sift/packages/upx-ucl.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/upx-ucl.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/upx-ucl.sls' using 'jinja' renderer: 0.000664949417114 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/upx-ucl.sls: upx-ucl: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('upx-ucl', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/upx-ucl.sls' using 'yaml' renderer: 0.000487089157104 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/vbindiff.sls' to resolve 'salt://sift/packages/vbindiff.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/vbindiff.sls' to resolve 'salt://sift/packages/vbindiff.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/vbindiff.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/vbindiff.sls' using 'jinja' renderer: 0.000684022903442 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/vbindiff.sls: vbindiff: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('vbindiff', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/vbindiff.sls' using 'yaml' renderer: 0.000488996505737 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/vim.sls' to resolve 'salt://sift/packages/vim.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/vim.sls' to resolve 'salt://sift/packages/vim.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/vim.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/vim.sls' using 'jinja' renderer: 0.000643014907837 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/vim.sls: vim: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('vim', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/vim.sls' using 'yaml' renderer: 0.00048303604126 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/virtuoso-minimal.sls' to resolve 'salt://sift/packages/virtuoso-minimal.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/virtuoso-minimal.sls' to resolve 'salt://sift/packages/virtuoso-minimal.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/virtuoso-minimal.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/virtuoso-minimal.sls' using 'jinja' renderer: 0.000643968582153 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/virtuoso-minimal.sls: virtuoso-minimal: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('virtuoso-minimal', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/virtuoso-minimal.sls' using 'yaml' renderer: 0.000516176223755 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/vmfs-tools.sls' to resolve 'salt://sift/packages/vmfs-tools.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/vmfs-tools.sls' to resolve 'salt://sift/packages/vmfs-tools.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/vmfs-tools.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/vmfs-tools.sls' using 'jinja' renderer: 0.000756025314331 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/vmfs-tools.sls: vmfs-tools: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('vmfs-tools', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/vmfs-tools.sls' using 'yaml' renderer: 0.000542879104614 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/winbind.sls' to resolve 'salt://sift/packages/winbind.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/winbind.sls' to resolve 'salt://sift/packages/winbind.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/winbind.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/winbind.sls' using 'jinja' renderer: 0.000809907913208 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/winbind.sls: winbind: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('winbind', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/winbind.sls' using 'yaml' renderer: 0.00055193901062 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/wine.sls' to resolve 'salt://sift/packages/wine.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/wine.sls' to resolve 'salt://sift/packages/wine.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/wine.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/wine.sls' using 'jinja' renderer: 0.000801086425781 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/wine.sls: sift-wine-i386-arch: cmd.run: - name: dpkg --add-architecture i386 - unless: dpkg --print-foreign-architectures | grep i386 sift-wine-apt-update: pkg.uptodate: - refresh: True - require: - cmd: sift-wine-i386-arch sift-wine: pkg.installed: - name: wine - require: - pkg: sift-wine-apt-update # [DEBUG ] Results of YAML rendering: OrderedDict([('sift-wine-i386-arch', OrderedDict([('cmd.run', [OrderedDict([('name', 'dpkg --add-architecture i386')]), OrderedDict([('unless', 'dpkg --print-foreign-architectures | grep i386')])])])), ('sift-wine-apt-update', OrderedDict([('pkg.uptodate', [OrderedDict([('refresh', True)]), OrderedDict([('require', [OrderedDict([('cmd', 'sift-wine-i386-arch')])])])])])), ('sift-wine', OrderedDict([('pkg.installed', [OrderedDict([('name', 'wine')]), OrderedDict([('require', [OrderedDict([('pkg', 'sift-wine-apt-update')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/wine.sls' using 'yaml' renderer: 0.00302600860596 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/wireshark.sls' to resolve 'salt://sift/packages/wireshark.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/wireshark.sls' to resolve 'salt://sift/packages/wireshark.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/wireshark.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/wireshark.sls' using 'jinja' renderer: 0.000728845596313 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/wireshark.sls: wireshark: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('wireshark', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/wireshark.sls' using 'yaml' renderer: 0.000500202178955 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/xdot.sls' to resolve 'salt://sift/packages/xdot.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/xdot.sls' to resolve 'salt://sift/packages/xdot.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/xdot.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/xdot.sls' using 'jinja' renderer: 0.000688791275024 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/xdot.sls: xdot: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('xdot', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/xdot.sls' using 'yaml' renderer: 0.000508785247803 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/xfsprogs.sls' to resolve 'salt://sift/packages/xfsprogs.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/xfsprogs.sls' to resolve 'salt://sift/packages/xfsprogs.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/xfsprogs.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/xfsprogs.sls' using 'jinja' renderer: 0.000807046890259 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/xfsprogs.sls: xfsprogs: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('xfsprogs', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/xfsprogs.sls' using 'yaml' renderer: 0.000563859939575 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/xmount.sls' to resolve 'salt://sift/packages/xmount.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/xmount.sls' to resolve 'salt://sift/packages/xmount.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/xmount.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/xmount.sls' using 'jinja' renderer: 0.000735998153687 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/xmount.sls: xmount: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('xmount', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/xmount.sls' using 'yaml' renderer: 0.000516891479492 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/xpdf.sls' to resolve 'salt://sift/packages/xpdf.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/xpdf.sls' to resolve 'salt://sift/packages/xpdf.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/xpdf.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/xpdf.sls' using 'jinja' renderer: 0.00114989280701 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/xpdf.sls: xpdf: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('xpdf', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/xpdf.sls' using 'yaml' renderer: 0.000507116317749 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/zenity.sls' to resolve 'salt://sift/packages/zenity.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/zenity.sls' to resolve 'salt://sift/packages/zenity.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/zenity.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/zenity.sls' using 'jinja' renderer: 0.000670909881592 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/zenity.sls: zenity: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('zenity', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/zenity.sls' using 'yaml' renderer: 0.000537872314453 # [DEBUG ] Could not find file 'salt://sift/python-packages.sls' in saltenv 'base' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/init.sls' to resolve 'salt://sift/python-packages/init.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/init.sls' to resolve 'salt://sift/python-packages/init.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/init.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/init.sls' using 'jinja' renderer: 0.00137591362 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/init.sls: include: - sift.python-packages.analyzemft - sift.python-packages.argparse - sift.python-packages.bitstring - sift.python-packages.colorama - sift.python-packages.construct - sift.python-packages.distorm3 - sift.python-packages.docopt - sift.python-packages.geoip2 - sift.python-packages.ioc_writer - sift.python-packages.lxml - sift.python-packages.pefile - sift.python-packages.pip - sift.python-packages.pysocks - sift.python-packages.python-dateutil - sift.python-packages.python-evtx - sift.python-packages.python-magic - sift.python-packages.python-registry - sift.python-packages.rekall - sift.python-packages.setuptools - sift.python-packages.six - sift.python-packages.stix-validator - sift.python-packages.stix - sift.python-packages.timesketch - sift.python-packages.unicodecsv - sift.python-packages.usnparser - sift.python-packages.virustotal-api - sift.python-packages.wheel - sift.python-packages.windowsprefetch sift-python-packages: test.nop: - name: sift-python-packages - require: - sls: sift.python-packages.analyzemft - sls: sift.python-packages.argparse - sls: sift.python-packages.bitstring - sls: sift.python-packages.colorama - sls: sift.python-packages.construct - sls: sift.python-packages.distorm3 - sls: sift.python-packages.docopt - sls: sift.python-packages.geoip2 - sls: sift.python-packages.ioc_writer - sls: sift.python-packages.lxml - sls: sift.python-packages.pefile - sls: sift.python-packages.pip - sls: sift.python-packages.pysocks - sls: sift.python-packages.python-dateutil - sls: sift.python-packages.python-evtx - sls: sift.python-packages.python-magic - sls: sift.python-packages.python-registry - sls: sift.python-packages.rekall - sls: sift.python-packages.setuptools - sls: sift.python-packages.six - sls: sift.python-packages.stix-validator - sls: sift.python-packages.stix - sls: sift.python-packages.timesketch - sls: sift.python-packages.unicodecsv - sls: sift.python-packages.usnparser - sls: sift.python-packages.virustotal-api - sls: sift.python-packages.wheel - sls: sift.python-packages.windowsprefetch # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.python-packages.analyzemft', 'sift.python-packages.argparse', 'sift.python-packages.bitstring', 'sift.python-packages.colorama', 'sift.python-packages.construct', 'sift.python-packages.distorm3', 'sift.python-packages.docopt', 'sift.python-packages.geoip2', 'sift.python-packages.ioc_writer', 'sift.python-packages.lxml', 'sift.python-packages.pefile', 'sift.python-packages.pip', 'sift.python-packages.pysocks', 'sift.python-packages.python-dateutil', 'sift.python-packages.python-evtx', 'sift.python-packages.python-magic', 'sift.python-packages.python-registry', 'sift.python-packages.rekall', 'sift.python-packages.setuptools', 'sift.python-packages.six', 'sift.python-packages.stix-validator', 'sift.python-packages.stix', 'sift.python-packages.timesketch', 'sift.python-packages.unicodecsv', 'sift.python-packages.usnparser', 'sift.python-packages.virustotal-api', 'sift.python-packages.wheel', 'sift.python-packages.windowsprefetch']), ('sift-python-packages', OrderedDict([('test.nop', [OrderedDict([('name', 'sift-python-packages')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.python-packages.analyzemft')]), OrderedDict([('sls', 'sift.python-packages.argparse')]), OrderedDict([('sls', 'sift.python-packages.bitstring')]), OrderedDict([('sls', 'sift.python-packages.colorama')]), OrderedDict([('sls', 'sift.python-packages.construct')]), OrderedDict([('sls', 'sift.python-packages.distorm3')]), OrderedDict([('sls', 'sift.python-packages.docopt')]), OrderedDict([('sls', 'sift.python-packages.geoip2')]), OrderedDict([('sls', 'sift.python-packages.ioc_writer')]), OrderedDict([('sls', 'sift.python-packages.lxml')]), OrderedDict([('sls', 'sift.python-packages.pefile')]), OrderedDict([('sls', 'sift.python-packages.pip')]), OrderedDict([('sls', 'sift.python-packages.pysocks')]), OrderedDict([('sls', 'sift.python-packages.python-dateutil')]), OrderedDict([('sls', 'sift.python-packages.python-evtx')]), OrderedDict([('sls', 'sift.python-packages.python-magic')]), OrderedDict([('sls', 'sift.python-packages.python-registry')]), OrderedDict([('sls', 'sift.python-packages.rekall')]), OrderedDict([('sls', 'sift.python-packages.setuptools')]), OrderedDict([('sls', 'sift.python-packages.six')]), OrderedDict([('sls', 'sift.python-packages.stix-validator')]), OrderedDict([('sls', 'sift.python-packages.stix')]), OrderedDict([('sls', 'sift.python-packages.timesketch')]), OrderedDict([('sls', 'sift.python-packages.unicodecsv')]), OrderedDict([('sls', 'sift.python-packages.usnparser')]), OrderedDict([('sls', 'sift.python-packages.virustotal-api')]), OrderedDict([('sls', 'sift.python-packages.wheel')]), OrderedDict([('sls', 'sift.python-packages.windowsprefetch')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/init.sls' using 'yaml' renderer: 0.0103659629822 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/analyzemft.sls' to resolve 'salt://sift/python-packages/analyzemft.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/analyzemft.sls' to resolve 'salt://sift/python-packages/analyzemft.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/analyzemft.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/analyzemft.sls' using 'jinja' renderer: 0.000795125961304 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/analyzemft.sls: include: - ..packages.python-pip analyzemft: pip.installed: - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('analyzemft', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/analyzemft.sls' using 'yaml' renderer: 0.0013439655304 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/argparse.sls' to resolve 'salt://sift/python-packages/argparse.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/argparse.sls' to resolve 'salt://sift/python-packages/argparse.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/argparse.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/argparse.sls' using 'jinja' renderer: 0.000855207443237 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/argparse.sls: include: - ..packages.python-pip argparse: pip.installed: - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('argparse', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/argparse.sls' using 'yaml' renderer: 0.00136303901672 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/bitstring.sls' to resolve 'salt://sift/python-packages/bitstring.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/bitstring.sls' to resolve 'salt://sift/python-packages/bitstring.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/bitstring.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/bitstring.sls' using 'jinja' renderer: 0.000760078430176 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/bitstring.sls: include: - ..packages.python-pip bitstring: pip.installed: - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('bitstring', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/bitstring.sls' using 'yaml' renderer: 0.00130605697632 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/docopt.sls' to resolve 'salt://sift/python-packages/docopt.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/docopt.sls' to resolve 'salt://sift/python-packages/docopt.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/docopt.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/docopt.sls' using 'jinja' renderer: 0.000764846801758 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/docopt.sls: include: - ..packages.python-pip docopt: pip.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('docopt', 'pip.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/docopt.sls' using 'yaml' renderer: 0.000769138336182 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/geoip2.sls' to resolve 'salt://sift/python-packages/geoip2.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/geoip2.sls' to resolve 'salt://sift/python-packages/geoip2.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/geoip2.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/geoip2.sls' using 'jinja' renderer: 0.000792026519775 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/geoip2.sls: include: - sift.packages.python-pip sift-pip-geoip2: pip.installed: - name: geoip2 - require: - sls: sift.packages.python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.packages.python-pip']), ('sift-pip-geoip2', OrderedDict([('pip.installed', [OrderedDict([('name', 'geoip2')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.packages.python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/geoip2.sls' using 'yaml' renderer: 0.00153088569641 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/pip.sls' to resolve 'salt://sift/python-packages/pip.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/pip.sls' to resolve 'salt://sift/python-packages/pip.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/pip.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/pip.sls' using 'jinja' renderer: 0.000792026519775 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/pip.sls: include: - ..packages.python-pip pip: pip.installed: - name: pip - upgrade: True - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('pip', OrderedDict([('pip.installed', [OrderedDict([('name', 'pip')]), OrderedDict([('upgrade', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/pip.sls' using 'yaml' renderer: 0.00172400474548 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/python-dateutil.sls' to resolve 'salt://sift/python-packages/python-dateutil.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/python-dateutil.sls' to resolve 'salt://sift/python-packages/python-dateutil.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/python-dateutil.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/python-dateutil.sls' using 'jinja' renderer: 0.000791072845459 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/python-dateutil.sls: include: - ..packages.python-pip python-dateutil: pip.installed: - name: python-dateutil >= 2.4.2 - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('python-dateutil', OrderedDict([('pip.installed', [OrderedDict([('name', 'python-dateutil >= 2.4.2')]), OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/python-dateutil.sls' using 'yaml' renderer: 0.00152111053467 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/python-evtx.sls' to resolve 'salt://sift/python-packages/python-evtx.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/python-evtx.sls' to resolve 'salt://sift/python-packages/python-evtx.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/python-evtx.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/python-evtx.sls' using 'jinja' renderer: 0.000762939453125 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/python-evtx.sls: include: - ..packages.python-pip python-evtx: pip.installed: - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('python-evtx', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/python-evtx.sls' using 'yaml' renderer: 0.00127792358398 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/python-magic.sls' to resolve 'salt://sift/python-packages/python-magic.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/python-magic.sls' to resolve 'salt://sift/python-packages/python-magic.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/python-magic.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/python-magic.sls' using 'jinja' renderer: 0.000730991363525 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/python-magic.sls: include: - ..packages.python-pip python-magic: pip.installed: - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('python-magic', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/python-magic.sls' using 'yaml' renderer: 0.00129508972168 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/python-registry.sls' to resolve 'salt://sift/python-packages/python-registry.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/python-registry.sls' to resolve 'salt://sift/python-packages/python-registry.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/python-registry.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/python-registry.sls' using 'jinja' renderer: 0.000806093215942 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/python-registry.sls: include: - ..packages.python-pip python-registry: pip.installed: - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('python-registry', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/python-registry.sls' using 'yaml' renderer: 0.00171518325806 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/rekall.sls' to resolve 'salt://sift/python-packages/rekall.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/rekall.sls' to resolve 'salt://sift/python-packages/rekall.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/rekall.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/rekall.sls' using 'jinja' renderer: 0.000883817672729 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/rekall.sls: include: - ..packages.build-essential - ..packages.python-dev - ..packages.python-pip - ..packages.libncurses - ..packages.python-virtualenv - .setuptools - .wheel rekall-virtualenv: virtualenv.managed: - name: /opt/rekall - pip_pkgs: - pip - setuptools - wheel - rekall - require: - pkg: python-virtualenv rekall: pip.installed: - name: rekall - bin_env: /opt/rekall - require: - pkg: python-dev - pkg: python-pip - pkg: libncurses - pkg: build-essential - pip: setuptools - pip: wheel - virtualenv: rekall-virtualenv # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.build-essential', '..packages.python-dev', '..packages.python-pip', '..packages.libncurses', '..packages.python-virtualenv', '.setuptools', '.wheel']), ('rekall-virtualenv', OrderedDict([('virtualenv.managed', [OrderedDict([('name', '/opt/rekall')]), OrderedDict([('pip_pkgs', ['pip', 'setuptools', 'wheel', 'rekall'])]), OrderedDict([('require', [OrderedDict([('pkg', 'python-virtualenv')])])])])])), ('rekall', OrderedDict([('pip.installed', [OrderedDict([('name', 'rekall')]), OrderedDict([('bin_env', '/opt/rekall')]), OrderedDict([('require', [OrderedDict([('pkg', 'python-dev')]), OrderedDict([('pkg', 'python-pip')]), OrderedDict([('pkg', 'libncurses')]), OrderedDict([('pkg', 'build-essential')]), OrderedDict([('pip', 'setuptools')]), OrderedDict([('pip', 'wheel')]), OrderedDict([('virtualenv', 'rekall-virtualenv')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/rekall.sls' using 'yaml' renderer: 0.0048930644989 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/setuptools.sls' to resolve 'salt://sift/python-packages/setuptools.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/setuptools.sls' to resolve 'salt://sift/python-packages/setuptools.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/setuptools.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/setuptools.sls' using 'jinja' renderer: 0.000746011734009 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/setuptools.sls: include: - ..packages.python-pip setuptools: pip.installed: - name: setuptools - upgrade: True - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('setuptools', OrderedDict([('pip.installed', [OrderedDict([('name', 'setuptools')]), OrderedDict([('upgrade', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/setuptools.sls' using 'yaml' renderer: 0.00178909301758 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/wheel.sls' to resolve 'salt://sift/python-packages/wheel.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/wheel.sls' to resolve 'salt://sift/python-packages/wheel.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/wheel.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/wheel.sls' using 'jinja' renderer: 0.000815153121948 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/wheel.sls: include: - ..packages.python-pip wheel: pip.installed: - name: wheel - upgrade: True - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('wheel', OrderedDict([('pip.installed', [OrderedDict([('name', 'wheel')]), OrderedDict([('upgrade', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/wheel.sls' using 'yaml' renderer: 0.00172901153564 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/six.sls' to resolve 'salt://sift/python-packages/six.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/six.sls' to resolve 'salt://sift/python-packages/six.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/six.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/six.sls' using 'jinja' renderer: 0.000806093215942 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/six.sls: include: - ..packages.python-pip six: pip.installed: - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('six', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/six.sls' using 'yaml' renderer: 0.00139999389648 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/stix-validator.sls' to resolve 'salt://sift/python-packages/stix-validator.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/stix-validator.sls' to resolve 'salt://sift/python-packages/stix-validator.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/stix-validator.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/stix-validator.sls' using 'jinja' renderer: 0.000741958618164 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/stix-validator.sls: include: - ..packages.python-pip - .stix stix-validator: pip.installed: - require: - pkg: python-pip - pip: stix # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip', '.stix']), ('stix-validator', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')]), OrderedDict([('pip', 'stix')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/stix-validator.sls' using 'yaml' renderer: 0.00154805183411 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/stix.sls' to resolve 'salt://sift/python-packages/stix.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/stix.sls' to resolve 'salt://sift/python-packages/stix.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/stix.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/stix.sls' using 'jinja' renderer: 0.000737905502319 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/stix.sls: include: - ..packages.python-pip - .lxml stix: pip.installed: - require: - pkg: python-pip - pip: lxml # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip', '.lxml']), ('stix', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')]), OrderedDict([('pip', 'lxml')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/stix.sls' using 'yaml' renderer: 0.00256586074829 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/timesketch.sls' to resolve 'salt://sift/python-packages/timesketch.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/timesketch.sls' to resolve 'salt://sift/python-packages/timesketch.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/timesketch.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/timesketch.sls' using 'jinja' renderer: 0.00179886817932 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/timesketch.sls: include: - ..packages.python-pip - ..packages.python-dev - ..packages.libffi-dev timesketch: pip.installed: - force_reinstall: False - require: - pkg: python-pip - pkg: python-dev - pkg: libffi-dev # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip', '..packages.python-dev', '..packages.libffi-dev']), ('timesketch', OrderedDict([('pip.installed', [OrderedDict([('force_reinstall', False)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')]), OrderedDict([('pkg', 'python-dev')]), OrderedDict([('pkg', 'libffi-dev')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/timesketch.sls' using 'yaml' renderer: 0.00248003005981 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/unicodecsv.sls' to resolve 'salt://sift/python-packages/unicodecsv.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/unicodecsv.sls' to resolve 'salt://sift/python-packages/unicodecsv.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/unicodecsv.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/unicodecsv.sls' using 'jinja' renderer: 0.000759124755859 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/unicodecsv.sls: include: - ..packages.python-pip unicodecsv: pip.installed: - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('unicodecsv', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/unicodecsv.sls' using 'yaml' renderer: 0.00126695632935 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/usnparser.sls' to resolve 'salt://sift/python-packages/usnparser.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/usnparser.sls' to resolve 'salt://sift/python-packages/usnparser.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/usnparser.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/usnparser.sls' using 'jinja' renderer: 0.000756978988647 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/usnparser.sls: include: - ..packages.python-pip usnparser: pip.installed: - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('usnparser', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/usnparser.sls' using 'yaml' renderer: 0.00137996673584 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/virustotal-api.sls' to resolve 'salt://sift/python-packages/virustotal-api.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/virustotal-api.sls' to resolve 'salt://sift/python-packages/virustotal-api.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/virustotal-api.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/virustotal-api.sls' using 'jinja' renderer: 0.000865936279297 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/virustotal-api.sls: include: - sift.packages.python-pip sift-pip-virustotal-api: pip.installed: - name: virustotal-api - require: - sls: sift.packages.python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.packages.python-pip']), ('sift-pip-virustotal-api', OrderedDict([('pip.installed', [OrderedDict([('name', 'virustotal-api')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.packages.python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/virustotal-api.sls' using 'yaml' renderer: 0.00153088569641 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/windowsprefetch.sls' to resolve 'salt://sift/python-packages/windowsprefetch.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/windowsprefetch.sls' to resolve 'salt://sift/python-packages/windowsprefetch.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/windowsprefetch.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/windowsprefetch.sls' using 'jinja' renderer: 0.000746011734009 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/windowsprefetch.sls: include: - ..packages.python-pip windowsprefetch: pip.installed: - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('windowsprefetch', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/windowsprefetch.sls' using 'yaml' renderer: 0.0012629032135 # [DEBUG ] Could not find file 'salt://sift/tools.sls' in saltenv 'base' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/tools/init.sls' to resolve 'salt://sift/tools/init.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/tools/init.sls' to resolve 'salt://sift/tools/init.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/tools/init.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/tools/init.sls' using 'jinja' renderer: 0.000769138336182 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/tools/init.sls: include: - sift.tools.densityscout - sift.tools.sift-cli sift-tools: test.nop: - name: sift-tools - require: - sls: sift.tools.densityscout - sls: sift.tools.sift-cli # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.tools.densityscout', 'sift.tools.sift-cli']), ('sift-tools', OrderedDict([('test.nop', [OrderedDict([('name', 'sift-tools')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.tools.densityscout')]), OrderedDict([('sls', 'sift.tools.sift-cli')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/tools/init.sls' using 'yaml' renderer: 0.00179386138916 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/tools/densityscout.sls' to resolve 'salt://sift/tools/densityscout.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/tools/densityscout.sls' to resolve 'salt://sift/tools/densityscout.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/tools/densityscout.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/tools/densityscout.sls' using 'jinja' renderer: 0.0025839805603 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/tools/densityscout.sls: # http://cert.at/static/downloads/software/densityscout/densityscout_build_45_linux.zip sift-tool-densityscout-archive: archive.extracted: - name: /usr/local/src/densityscout/densityscout_build_45_linux - enforce_toplevel: False - source: http://cert.at/static/downloads/software/densityscout/densityscout_build_45_linux.zip - source_hash: sha256=7d49813d407df06529e4b0138d4c0eec725c73bf9e93c0444639c6d409890f2c - if_missing: /usr/local/bin/densityscout-build-45 sift-tool-densityscout-binary: file.copy: - name: /usr/local/bin/densityscout-build-45 - source: /usr/local/src/densityscout/densityscout_build_45_linux/lin64/densityscout - user: root - group: root - mode: 755 - require: - archive: sift-tool-densityscout-archive sift-tool-densityscout-link: file.symlink: - name: /usr/local/bin/densityscout - target: /usr/local/bin/densityscout-build-45 - require: - file: sift-tool-densityscout-binary # [DEBUG ] Results of YAML rendering: OrderedDict([('sift-tool-densityscout-archive', OrderedDict([('archive.extracted', [OrderedDict([('name', '/usr/local/src/densityscout/densityscout_build_45_linux')]), OrderedDict([('enforce_toplevel', False)]), OrderedDict([('source', 'http://cert.at/static/downloads/software/densityscout/densityscout_build_45_linux.zip')]), OrderedDict([('source_hash', 'sha256=7d49813d407df06529e4b0138d4c0eec725c73bf9e93c0444639c6d409890f2c')]), OrderedDict([('if_missing', '/usr/local/bin/densityscout-build-45')])])])), ('sift-tool-densityscout-binary', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/densityscout-build-45')]), OrderedDict([('source', '/usr/local/src/densityscout/densityscout_build_45_linux/lin64/densityscout')]), OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('mode', 755)]), OrderedDict([('require', [OrderedDict([('archive', 'sift-tool-densityscout-archive')])])])])])), ('sift-tool-densityscout-link', OrderedDict([('file.symlink', [OrderedDict([('name', '/usr/local/bin/densityscout')]), OrderedDict([('target', '/usr/local/bin/densityscout-build-45')]), OrderedDict([('require', [OrderedDict([('file', 'sift-tool-densityscout-binary')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/tools/densityscout.sls' using 'yaml' renderer: 0.00550007820129 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/tools/sift-cli.sls' to resolve 'salt://sift/tools/sift-cli.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/tools/sift-cli.sls' to resolve 'salt://sift/tools/sift-cli.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/tools/sift-cli.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/tools/sift-cli.sls' using 'jinja' renderer: 0.00154590606689 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/tools/sift-cli.sls: sift-tool-sift-cli: file.managed: - name: /usr/local/bin/sift - source: https://github.com/sans-dfir/sift-cli/releases/download/v1.5.1/sift-cli-linux - source_hash: sha256=3847e734a98a842868ecc5488916e1273c8baf6d7a822c46d3f4079ec316566d - mode: 755 # [DEBUG ] Results of YAML rendering: OrderedDict([('sift-tool-sift-cli', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/sift')]), OrderedDict([('source', 'https://github.com/sans-dfir/sift-cli/releases/download/v1.5.1/sift-cli-linux')]), OrderedDict([('source_hash', 'sha256=3847e734a98a842868ecc5488916e1273c8baf6d7a822c46d3f4079ec316566d')]), OrderedDict([('mode', 755)])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/tools/sift-cli.sls' using 'yaml' renderer: 0.00164699554443 # [DEBUG ] Could not find file 'salt://sift/scripts.sls' in saltenv 'base' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/init.sls' to resolve 'salt://sift/scripts/init.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/init.sls' to resolve 'salt://sift/scripts/init.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/init.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/init.sls' using 'jinja' renderer: 0.00105094909668 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/init.sls: include: - sift.scripts.4n6 - sift.scripts.amcache - sift.scripts.dump-mft-entry - sift.scripts.image-mounter - sift.scripts.java-idx-parser - sift.scripts.jobparser - sift.scripts.keydet-tools - sift.scripts.packerid - sift.scripts.page-brute - sift.scripts.parseusn - sift.scripts.pdf-tools - sift.scripts.pe-carver - sift.scripts.pescanner - sift.scripts.regripper - sift.scripts.shim-cache-parser - sift.scripts.sift - sift.scripts.sorter - sift.scripts.sqlparser - sift.scripts.usbdeviceforensics - sift.scripts.virustotal-tools - sift.scripts.vshot sift-scripts: test.nop: - name: sift-scripts - require: - sls: sift.scripts.4n6 - sls: sift.scripts.amcache - sls: sift.scripts.dump-mft-entry - sls: sift.scripts.image-mounter - sls: sift.scripts.java-idx-parser - sls: sift.scripts.jobparser - sls: sift.scripts.keydet-tools - sls: sift.scripts.packerid - sls: sift.scripts.page-brute - sls: sift.scripts.parseusn - sls: sift.scripts.pdf-tools - sls: sift.scripts.pe-carver - sls: sift.scripts.pescanner - sls: sift.scripts.regripper - sls: sift.scripts.shim-cache-parser - sls: sift.scripts.sift - sls: sift.scripts.sorter - sls: sift.scripts.sqlparser - sls: sift.scripts.usbdeviceforensics - sls: sift.scripts.virustotal-tools - sls: sift.scripts.vshot # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.scripts.4n6', 'sift.scripts.amcache', 'sift.scripts.dump-mft-entry', 'sift.scripts.image-mounter', 'sift.scripts.java-idx-parser', 'sift.scripts.jobparser', 'sift.scripts.keydet-tools', 'sift.scripts.packerid', 'sift.scripts.page-brute', 'sift.scripts.parseusn', 'sift.scripts.pdf-tools', 'sift.scripts.pe-carver', 'sift.scripts.pescanner', 'sift.scripts.regripper', 'sift.scripts.shim-cache-parser', 'sift.scripts.sift', 'sift.scripts.sorter', 'sift.scripts.sqlparser', 'sift.scripts.usbdeviceforensics', 'sift.scripts.virustotal-tools', 'sift.scripts.vshot']), ('sift-scripts', OrderedDict([('test.nop', [OrderedDict([('name', 'sift-scripts')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.scripts.4n6')]), OrderedDict([('sls', 'sift.scripts.amcache')]), OrderedDict([('sls', 'sift.scripts.dump-mft-entry')]), OrderedDict([('sls', 'sift.scripts.image-mounter')]), OrderedDict([('sls', 'sift.scripts.java-idx-parser')]), OrderedDict([('sls', 'sift.scripts.jobparser')]), OrderedDict([('sls', 'sift.scripts.keydet-tools')]), OrderedDict([('sls', 'sift.scripts.packerid')]), OrderedDict([('sls', 'sift.scripts.page-brute')]), OrderedDict([('sls', 'sift.scripts.parseusn')]), OrderedDict([('sls', 'sift.scripts.pdf-tools')]), OrderedDict([('sls', 'sift.scripts.pe-carver')]), OrderedDict([('sls', 'sift.scripts.pescanner')]), OrderedDict([('sls', 'sift.scripts.regripper')]), OrderedDict([('sls', 'sift.scripts.shim-cache-parser')]), OrderedDict([('sls', 'sift.scripts.sift')]), OrderedDict([('sls', 'sift.scripts.sorter')]), OrderedDict([('sls', 'sift.scripts.sqlparser')]), OrderedDict([('sls', 'sift.scripts.usbdeviceforensics')]), OrderedDict([('sls', 'sift.scripts.virustotal-tools')]), OrderedDict([('sls', 'sift.scripts.vshot')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/init.sls' using 'yaml' renderer: 0.0081090927124 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/4n6.sls' to resolve 'salt://sift/scripts/4n6.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/4n6.sls' to resolve 'salt://sift/scripts/4n6.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/4n6.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/4n6.sls' using 'jinja' renderer: 0.00459098815918 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/4n6.sls: include: - sift.packages.git - sift.packages.python sift-scripts-4n6-git: git.latest: - name: https://github.com/cheeky4n6monkey/4n6-scripts.git - target: /usr/local/src/4n6-scripts - user: root - rev: master - force_clone: True - require: - pkg: git - pkg: python sift-scripts-4n6-WP8_AppPerms.py: file.copy: - name: /usr/local/bin/WP8_AppPerms.py - source: /usr/local/src/4n6-scripts/WP8_AppPerms.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-bing-bar-parser.pl: file.copy: - name: /usr/local/bin/bing-bar-parser.pl - source: /usr/local/src/4n6-scripts/bing-bar-parser.pl - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-chunkymonkey.py: file.copy: - name: /usr/local/bin/chunkymonkey.py - source: /usr/local/src/4n6-scripts/chunkymonkey.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-dextract.def: file.copy: - name: /usr/local/bin/dextract.def - source: /usr/local/src/4n6-scripts/dextract.def - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-dextract.py: file.copy: - name: /usr/local/bin/dextract.py - source: /usr/local/src/4n6-scripts/dextract.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-docx-font-extractor.pl: file.copy: - name: /usr/local/bin/docx-font-extractor.pl - source: /usr/local/src/4n6-scripts/docx-font-extractor.pl - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-exif2map.pl: file.copy: - name: /usr/local/bin/exif2map.pl - source: /usr/local/src/4n6-scripts/exif2map.pl - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-fbmsg-extractor.py: file.copy: - name: /usr/local/bin/fbmsg-extractor.py - source: /usr/local/src/4n6-scripts/fbmsg-extractor.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-gis4cookie.pl: file.copy: - name: /usr/local/bin/gis4cookie.pl - source: /usr/local/src/4n6-scripts/gis4cookie.pl - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-google-ei-time.py: file.copy: - name: /usr/local/bin/google-ei-time.py - source: /usr/local/src/4n6-scripts/google-ei-time.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-imgcache-parse-mod.py: file.copy: - name: /usr/local/bin/imgcache-parse-mod.py - source: /usr/local/src/4n6-scripts/imgcache-parse-mod.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-imgcache-parse.py: file.copy: - name: /usr/local/bin/imgcache-parse.py - source: /usr/local/src/4n6-scripts/imgcache-parse.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-json-printer.pl: file.copy: - name: /usr/local/bin/json-printer.pl - source: /usr/local/src/4n6-scripts/json-printer.pl - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-msoffice-pic-extractor.py: file.copy: - name: /usr/local/bin/msoffice-pic-extractor.py - source: /usr/local/src/4n6-scripts/msoffice-pic-extractor.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-plist2db.py: file.copy: - name: /usr/local/bin/plist2db.py - source: /usr/local/src/4n6-scripts/plist2db.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-print_apk_perms.py: file.copy: - name: /usr/local/bin/print_apk_perms.py - source: /usr/local/src/4n6-scripts/print_apk_perms.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-s2-cellid2latlong.py: file.copy: - name: /usr/local/bin/s2-cellid2latlong.py - source: /usr/local/src/4n6-scripts/s2-cellid2latlong.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-s2-latlong2cellid.py: file.copy: - name: /usr/local/bin/s2-latlong2cellid.py - source: /usr/local/src/4n6-scripts/s2-latlong2cellid.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-sms-grep-sample-config.txt: file.copy: - name: /usr/local/bin/sms-grep-sample-config.txt - source: /usr/local/src/4n6-scripts/sms-grep-sample-config.txt - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-sms-grep.pl: file.copy: - name: /usr/local/bin/sms-grep.pl - source: /usr/local/src/4n6-scripts/sms-grep.pl - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-sqlite-base64-decode.py: file.copy: - name: /usr/local/bin/sqlite-base64-decode.py - source: /usr/local/src/4n6-scripts/sqlite-base64-decode.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-sqlite-blob-dumper.py: file.copy: - name: /usr/local/bin/sqlite-blob-dumper.py - source: /usr/local/src/4n6-scripts/sqlite-blob-dumper.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-sqlite-parser.pl: file.copy: - name: /usr/local/bin/sqlite-parser.pl - source: /usr/local/src/4n6-scripts/sqlite-parser.pl - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-squirrelgripper-README.txt: file.copy: - name: /usr/local/bin/squirrelgripper-README.txt - source: /usr/local/src/4n6-scripts/squirrelgripper-README.txt - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-squirrelgripper.pl: file.copy: - name: /usr/local/bin/squirrelgripper.pl - source: /usr/local/src/4n6-scripts/squirrelgripper.pl - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-timediff32.pl: file.copy: - name: /usr/local/bin/timediff32.pl - source: /usr/local/src/4n6-scripts/timediff32.pl - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-vmail-db-2-html.pl: file.copy: - name: /usr/local/bin/vmail-db-2-html.pl - source: /usr/local/src/4n6-scripts/vmail-db-2-html.pl - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-wp8-1-callhistory.py: file.copy: - name: /usr/local/bin/wp8-1-callhistory.py - source: /usr/local/src/4n6-scripts/wp8-1-callhistory.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-wp8-1-contacts.py: file.copy: - name: /usr/local/bin/wp8-1-contacts.py - source: /usr/local/src/4n6-scripts/wp8-1-contacts.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-wp8-1-mms-filesort.py: file.copy: - name: /usr/local/bin/wp8-1-mms-filesort.py - source: /usr/local/src/4n6-scripts/wp8-1-mms-filesort.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-wp8-1-mms.py: file.copy: - name: /usr/local/bin/wp8-1-mms.py - source: /usr/local/src/4n6-scripts/wp8-1-mms.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-wp8-1-sms.py: file.copy: - name: /usr/local/bin/wp8-1-sms.py - source: /usr/local/src/4n6-scripts/wp8-1-sms.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-wp8-callhistory.py: file.copy: - name: /usr/local/bin/wp8-callhistory.py - source: /usr/local/src/4n6-scripts/wp8-callhistory.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-wp8-contacts.py: file.copy: - name: /usr/local/bin/wp8-contacts.py - source: /usr/local/src/4n6-scripts/wp8-contacts.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-wp8-fb-msg.py: file.copy: - name: /usr/local/bin/wp8-fb-msg.py - source: /usr/local/src/4n6-scripts/wp8-fb-msg.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-wp8-sha256-pin-finder.py: file.copy: - name: /usr/local/bin/wp8-sha256-pin-finder.py - source: /usr/local/src/4n6-scripts/wp8-sha256-pin-finder.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-wp8-sms.py: file.copy: - name: /usr/local/bin/wp8-sms.py - source: /usr/local/src/4n6-scripts/wp8-sms.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-wwf-chat-parser.py: file.copy: - name: /usr/local/bin/wwf-chat-parser.py - source: /usr/local/src/4n6-scripts/wwf-chat-parser.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.packages.git', 'sift.packages.python']), ('sift-scripts-4n6-git', OrderedDict([('git.latest', [OrderedDict([('name', 'https://github.com/cheeky4n6monkey/4n6-scripts.git')]), OrderedDict([('target', '/usr/local/src/4n6-scripts')]), OrderedDict([('user', 'root')]), OrderedDict([('rev', 'master')]), OrderedDict([('force_clone', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'git')]), OrderedDict([('pkg', 'python')])])])])])), ('sift-scripts-4n6-WP8_AppPerms.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/WP8_AppPerms.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/WP8_AppPerms.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-bing-bar-parser.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/bing-bar-parser.pl')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/bing-bar-parser.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-chunkymonkey.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/chunkymonkey.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/chunkymonkey.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-dextract.def', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/dextract.def')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/dextract.def')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-dextract.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/dextract.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/dextract.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-docx-font-extractor.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/docx-font-extractor.pl')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/docx-font-extractor.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-exif2map.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/exif2map.pl')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/exif2map.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-fbmsg-extractor.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/fbmsg-extractor.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/fbmsg-extractor.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-gis4cookie.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/gis4cookie.pl')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/gis4cookie.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-google-ei-time.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/google-ei-time.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/google-ei-time.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-imgcache-parse-mod.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/imgcache-parse-mod.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/imgcache-parse-mod.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-imgcache-parse.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/imgcache-parse.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/imgcache-parse.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-json-printer.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/json-printer.pl')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/json-printer.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-msoffice-pic-extractor.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/msoffice-pic-extractor.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/msoffice-pic-extractor.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-plist2db.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/plist2db.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/plist2db.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-print_apk_perms.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/print_apk_perms.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/print_apk_perms.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-s2-cellid2latlong.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/s2-cellid2latlong.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/s2-cellid2latlong.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-s2-latlong2cellid.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/s2-latlong2cellid.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/s2-latlong2cellid.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-sms-grep-sample-config.txt', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/sms-grep-sample-config.txt')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/sms-grep-sample-config.txt')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-sms-grep.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/sms-grep.pl')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/sms-grep.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-sqlite-base64-decode.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/sqlite-base64-decode.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/sqlite-base64-decode.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-sqlite-blob-dumper.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/sqlite-blob-dumper.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/sqlite-blob-dumper.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-sqlite-parser.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/sqlite-parser.pl')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/sqlite-parser.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-squirrelgripper-README.txt', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/squirrelgripper-README.txt')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/squirrelgripper-README.txt')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-squirrelgripper.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/squirrelgripper.pl')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/squirrelgripper.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-timediff32.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/timediff32.pl')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/timediff32.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-vmail-db-2-html.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/vmail-db-2-html.pl')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/vmail-db-2-html.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-wp8-1-callhistory.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/wp8-1-callhistory.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/wp8-1-callhistory.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-wp8-1-contacts.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/wp8-1-contacts.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/wp8-1-contacts.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-wp8-1-mms-filesort.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/wp8-1-mms-filesort.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/wp8-1-mms-filesort.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-wp8-1-mms.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/wp8-1-mms.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/wp8-1-mms.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-wp8-1-sms.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/wp8-1-sms.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/wp8-1-sms.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-wp8-callhistory.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/wp8-callhistory.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/wp8-callhistory.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-wp8-contacts.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/wp8-contacts.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/wp8-contacts.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-wp8-fb-msg.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/wp8-fb-msg.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/wp8-fb-msg.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-wp8-sha256-pin-finder.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/wp8-sha256-pin-finder.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/wp8-sha256-pin-finder.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-wp8-sms.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/wp8-sms.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/wp8-sms.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-wwf-chat-parser.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/wwf-chat-parser.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/wwf-chat-parser.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/4n6.sls' using 'yaml' renderer: 0.0576179027557 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/amcache.sls' to resolve 'salt://sift/scripts/amcache.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/amcache.sls' to resolve 'salt://sift/scripts/amcache.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/amcache.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/amcache.sls' using 'jinja' renderer: 0.00188112258911 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/amcache.sls: # Source: https://github.com/williballenthin/python-registry # License: Apache2 - https://github.com/williballenthin/python-registry/blob/master/LICENSE.TXT sift-scripts-amcache: file.managed: - name: /usr/local/bin/amcache.py - source: https://raw.githubusercontent.com/williballenthin/python-registry/1a669eada6f7933798751e0cf482a9eb654c739b/samples/amcache.py - source_hash: sha256=1065c23fdea1fde90e931bf5ccabc93b508bee0f6855a6ef2b3b9fd74495e279 - mode: 755 sift-scripts-amcache-shebang: file.replace: - name: /usr/local/bin/amcache.py - pattern: '#!/usr/bin/python' - repl: '#!/usr/bin/env python' - count: 1 - watch: - file: sift-scripts-amcache # [DEBUG ] Results of YAML rendering: OrderedDict([('sift-scripts-amcache', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/amcache.py')]), OrderedDict([('source', 'https://raw.githubusercontent.com/williballenthin/python-registry/1a669eada6f7933798751e0cf482a9eb654c739b/samples/amcache.py')]), OrderedDict([('source_hash', 'sha256=1065c23fdea1fde90e931bf5ccabc93b508bee0f6855a6ef2b3b9fd74495e279')]), OrderedDict([('mode', 755)])])])), ('sift-scripts-amcache-shebang', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/amcache.py')]), OrderedDict([('pattern', '#!/usr/bin/python')]), OrderedDict([('repl', '#!/usr/bin/env python')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-amcache')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/amcache.sls' using 'yaml' renderer: 0.00368118286133 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/dump-mft-entry.sls' to resolve 'salt://sift/scripts/dump-mft-entry.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/dump-mft-entry.sls' to resolve 'salt://sift/scripts/dump-mft-entry.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/dump-mft-entry.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/dump-mft-entry.sls' using 'jinja' renderer: 0.00181007385254 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/dump-mft-entry.sls: # Source: https://github.com/superponible/DFIR # License: Unknown sift-scripts-dump-mft-entry: file.managed: - name: /usr/local/bin/dump-mft-entry.pl - source: https://raw.githubusercontent.com/superponible/DFIR/ee681a07a0c32a5ccaea788cd7d012d19872f181/dump_mft_entry.pl - source_hash: sha256=7141258a36037653dd377d062350f703b90c99e70c9e3d38f86fcd8c70258e1b - mode: 755 sift-scripts-dump-mft-entry-shebang: file.replace: - name: /usr/local/bin/dump-mft-entry.pl - pattern: '#!/usr/bin/perl' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-dump-mft-entry # [DEBUG ] Results of YAML rendering: OrderedDict([('sift-scripts-dump-mft-entry', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/dump-mft-entry.pl')]), OrderedDict([('source', 'https://raw.githubusercontent.com/superponible/DFIR/ee681a07a0c32a5ccaea788cd7d012d19872f181/dump_mft_entry.pl')]), OrderedDict([('source_hash', 'sha256=7141258a36037653dd377d062350f703b90c99e70c9e3d38f86fcd8c70258e1b')]), OrderedDict([('mode', 755)])])])), ('sift-scripts-dump-mft-entry-shebang', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/dump-mft-entry.pl')]), OrderedDict([('pattern', '#!/usr/bin/perl')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-dump-mft-entry')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/dump-mft-entry.sls' using 'yaml' renderer: 0.0035080909729 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/image-mounter.sls' to resolve 'salt://sift/scripts/image-mounter.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/image-mounter.sls' to resolve 'salt://sift/scripts/image-mounter.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/image-mounter.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/image-mounter.sls' using 'jinja' renderer: 0.000838041305542 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/image-mounter.sls: # Source: https://github.com/kevthehermit/Scripts sift-scripts-image-mounter: file.managed: - name: /usr/local/bin/imageMounter.py - source: https://raw.githubusercontent.com/kevthehermit/Scripts/master/imageMounter.py - source_hash: sha256=7e810482b5aa58f8085a7a03be266c113530145306c73c75ba9956ba83e39151 - mode: 755 # [DEBUG ] Results of YAML rendering: OrderedDict([('sift-scripts-image-mounter', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/imageMounter.py')]), OrderedDict([('source', 'https://raw.githubusercontent.com/kevthehermit/Scripts/master/imageMounter.py')]), OrderedDict([('source_hash', 'sha256=7e810482b5aa58f8085a7a03be266c113530145306c73c75ba9956ba83e39151')]), OrderedDict([('mode', 755)])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/image-mounter.sls' using 'yaml' renderer: 0.00186204910278 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/java-idx-parser.sls' to resolve 'salt://sift/scripts/java-idx-parser.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/java-idx-parser.sls' to resolve 'salt://sift/scripts/java-idx-parser.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/java-idx-parser.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/java-idx-parser.sls' using 'jinja' renderer: 0.000808000564575 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/java-idx-parser.sls: # Source: https://github.com/Rurik/Java_IDX_Parser # License: https://github.com/Rurik/Java_IDX_Parser#copyright-and-license scripts-java-idx-parser: file.managed: - name: /usr/local/bin/idx_parser.py - source: https://raw.githubusercontent.com/Rurik/Java_IDX_Parser/master/idx_parser.py - source_hash: sha256=963d5f38b93016f147295ab6871dcba326c9315ea9402652745ae6290b594f45 - mode: 755 # [DEBUG ] Results of YAML rendering: OrderedDict([('scripts-java-idx-parser', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/idx_parser.py')]), OrderedDict([('source', 'https://raw.githubusercontent.com/Rurik/Java_IDX_Parser/master/idx_parser.py')]), OrderedDict([('source_hash', 'sha256=963d5f38b93016f147295ab6871dcba326c9315ea9402652745ae6290b594f45')]), OrderedDict([('mode', 755)])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/java-idx-parser.sls' using 'yaml' renderer: 0.00182104110718 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/jobparser.sls' to resolve 'salt://sift/scripts/jobparser.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/jobparser.sls' to resolve 'salt://sift/scripts/jobparser.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/jobparser.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/jobparser.sls' using 'jinja' renderer: 0.00166392326355 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/jobparser.sls: # Source: https://github.com/gleeda/misc-scripts # License: GNU GPL sift-scripts-jobparser: file.managed: - name: /usr/local/bin/jobparser.py - source: https://raw.githubusercontent.com/gleeda/misc-scripts/03a0d9126359c6b4b0b508062d3422bea9b69036/misc_python/jobparser.py - source_hash: sha256=a6869e7f0f2f360681ff67a67b65c627b0084ebec25d7a9bb44abe8a1cdfb467 - mode: 755 # [DEBUG ] Results of YAML rendering: OrderedDict([('sift-scripts-jobparser', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/jobparser.py')]), OrderedDict([('source', 'https://raw.githubusercontent.com/gleeda/misc-scripts/03a0d9126359c6b4b0b508062d3422bea9b69036/misc_python/jobparser.py')]), OrderedDict([('source_hash', 'sha256=a6869e7f0f2f360681ff67a67b65c627b0084ebec25d7a9bb44abe8a1cdfb467')]), OrderedDict([('mode', 755)])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/jobparser.sls' using 'yaml' renderer: 0.00191688537598 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/keydet-tools.sls' to resolve 'salt://sift/scripts/keydet-tools.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/keydet-tools.sls' to resolve 'salt://sift/scripts/keydet-tools.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/keydet-tools.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/keydet-tools.sls' using 'jinja' renderer: 0.0050151348114 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/keydet-tools.sls: include: - sift.packages.git sift-scripts-keydet-tools-git: git.latest: - name: https://github.com/keydet89/Tools.git - target: /usr/local/src/keydet-tools - user: root - rev: master - force_clone: True - require: - pkg: git sift-scripts-keydet-tools-bodyfile.pl: file.copy: - name: /usr/local/bin/bodyfile.pl - source: /usr/local/src/keydet-tools/source/bodyfile.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-bodyfile.pl: file.replace: - name: /usr/local/bin/bodyfile.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-bodyfile.pl sift-scripts-keydet-tools-evtparse.pl: file.copy: - name: /usr/local/bin/evtparse.pl - source: /usr/local/src/keydet-tools/source/evtparse.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-evtparse.pl: file.replace: - name: /usr/local/bin/evtparse.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-evtparse.pl sift-scripts-keydet-tools-evtrpt.pl: file.copy: - name: /usr/local/bin/evtrpt.pl - source: /usr/local/src/keydet-tools/source/evtrpt.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-evtrpt.pl: file.replace: - name: /usr/local/bin/evtrpt.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-evtrpt.pl sift-scripts-keydet-tools-evtxparse.pl: file.copy: - name: /usr/local/bin/evtxparse.pl - source: /usr/local/src/keydet-tools/source/evtxparse.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-evtxparse.pl: file.replace: - name: /usr/local/bin/evtxparse.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-evtxparse.pl sift-scripts-keydet-tools-fb.pl: file.copy: - name: /usr/local/bin/fb.pl - source: /usr/local/src/keydet-tools/source/fb.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-fb.pl: file.replace: - name: /usr/local/bin/fb.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-fb.pl sift-scripts-keydet-tools-ff.pl: file.copy: - name: /usr/local/bin/ff.pl - source: /usr/local/src/keydet-tools/source/ff.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-ff.pl: file.replace: - name: /usr/local/bin/ff.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-ff.pl sift-scripts-keydet-tools-ff_signons.pl: file.copy: - name: /usr/local/bin/ff_signons.pl - source: /usr/local/src/keydet-tools/source/ff_signons.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-ff_signons.pl: file.replace: - name: /usr/local/bin/ff_signons.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-ff_signons.pl sift-scripts-keydet-tools-ftkparse.pl: file.copy: - name: /usr/local/bin/ftkparse.pl - source: /usr/local/src/keydet-tools/source/ftkparse.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-ftkparse.pl: file.replace: - name: /usr/local/bin/ftkparse.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-ftkparse.pl sift-scripts-keydet-tools-idx.pl: file.copy: - name: /usr/local/bin/idx.pl - source: /usr/local/src/keydet-tools/source/idx.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-idx.pl: file.replace: - name: /usr/local/bin/idx.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-idx.pl sift-scripts-keydet-tools-idxparse.pl: file.copy: - name: /usr/local/bin/idxparse.pl - source: /usr/local/src/keydet-tools/source/idxparse.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-idxparse.pl: file.replace: - name: /usr/local/bin/idxparse.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-idxparse.pl sift-scripts-keydet-tools-jl.pl: file.copy: - name: /usr/local/bin/jl.pl - source: /usr/local/src/keydet-tools/source/jl.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-jl.pl: file.replace: - name: /usr/local/bin/jl.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-jl.pl sift-scripts-keydet-tools-jobparse.pl: file.copy: - name: /usr/local/bin/jobparse.pl - source: /usr/local/src/keydet-tools/source/jobparse.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-jobparse.pl: file.replace: - name: /usr/local/bin/jobparse.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-jobparse.pl sift-scripts-keydet-tools-lfle.pl: file.copy: - name: /usr/local/bin/lfle.pl - source: /usr/local/src/keydet-tools/source/lfle.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-lfle.pl: file.replace: - name: /usr/local/bin/lfle.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-lfle.pl sift-scripts-keydet-tools-lnk.pl: file.copy: - name: /usr/local/bin/lnk.pl - source: /usr/local/src/keydet-tools/source/lnk.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-lnk.pl: file.replace: - name: /usr/local/bin/lnk.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-lnk.pl sift-scripts-keydet-tools-mft.pl: file.copy: - name: /usr/local/bin/mft.pl - source: /usr/local/src/keydet-tools/source/mft.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-mft.pl: file.replace: - name: /usr/local/bin/mft.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-mft.pl sift-scripts-keydet-tools-parse.pl: file.copy: - name: /usr/local/bin/parse.pl - source: /usr/local/src/keydet-tools/source/parse.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-parse.pl: file.replace: - name: /usr/local/bin/parse.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-parse.pl sift-scripts-keydet-tools-parsei30.pl: file.copy: - name: /usr/local/bin/parsei30.pl - source: /usr/local/src/keydet-tools/source/parsei30.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-parsei30.pl: file.replace: - name: /usr/local/bin/parsei30.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-parsei30.pl sift-scripts-keydet-tools-parseie.pl: file.copy: - name: /usr/local/bin/parseie.pl - source: /usr/local/src/keydet-tools/source/parseie.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-parseie.pl: file.replace: - name: /usr/local/bin/parseie.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-parseie.pl sift-scripts-keydet-tools-pie.pl: file.copy: - name: /usr/local/bin/pie.pl - source: /usr/local/src/keydet-tools/source/pie.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-pie.pl: file.replace: - name: /usr/local/bin/pie.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-pie.pl sift-scripts-keydet-tools-pref.pl: file.copy: - name: /usr/local/bin/pref.pl - source: /usr/local/src/keydet-tools/source/pref.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-pref.pl: file.replace: - name: /usr/local/bin/pref.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-pref.pl sift-scripts-keydet-tools-rawie.pl: file.copy: - name: /usr/local/bin/rawie.pl - source: /usr/local/src/keydet-tools/source/rawie.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-rawie.pl: file.replace: - name: /usr/local/bin/rawie.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-rawie.pl sift-scripts-keydet-tools-recbin.pl: file.copy: - name: /usr/local/bin/recbin.pl - source: /usr/local/src/keydet-tools/source/recbin.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-recbin.pl: file.replace: - name: /usr/local/bin/recbin.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-recbin.pl sift-scripts-keydet-tools-regslack.pl: file.copy: - name: /usr/local/bin/regslack.pl - source: /usr/local/src/keydet-tools/source/regslack.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-regslack.pl: file.replace: - name: /usr/local/bin/regslack.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-regslack.pl sift-scripts-keydet-tools-regtime.pl: file.copy: - name: /usr/local/bin/regtime.pl - source: /usr/local/src/keydet-tools/source/regtime.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-regtime.pl: file.replace: - name: /usr/local/bin/regtime.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-regtime.pl sift-scripts-keydet-tools-rfc.pl: file.copy: - name: /usr/local/bin/rfc.pl - source: /usr/local/src/keydet-tools/source/rfc.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-rfc.pl: file.replace: - name: /usr/local/bin/rfc.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-rfc.pl sift-scripts-keydet-tools-rlo.pl: file.copy: - name: /usr/local/bin/rlo.pl - source: /usr/local/src/keydet-tools/source/rlo.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-rlo.pl: file.replace: - name: /usr/local/bin/rlo.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-rlo.pl sift-scripts-keydet-tools-tln.pl: file.copy: - name: /usr/local/bin/tln.pl - source: /usr/local/src/keydet-tools/source/tln.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-tln.pl: file.replace: - name: /usr/local/bin/tln.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-tln.pl sift-scripts-keydet-tools-usnj.pl: file.copy: - name: /usr/local/bin/usnj.pl - source: /usr/local/src/keydet-tools/source/usnj.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-usnj.pl: file.replace: - name: /usr/local/bin/usnj.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-usnj.pl # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.packages.git']), ('sift-scripts-keydet-tools-git', OrderedDict([('git.latest', [OrderedDict([('name', 'https://github.com/keydet89/Tools.git')]), OrderedDict([('target', '/usr/local/src/keydet-tools')]), OrderedDict([('user', 'root')]), OrderedDict([('rev', 'master')]), OrderedDict([('force_clone', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'git')])])])])])), ('sift-scripts-keydet-tools-bodyfile.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/bodyfile.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/bodyfile.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-bodyfile.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/bodyfile.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-bodyfile.pl')])])])])])), ('sift-scripts-keydet-tools-evtparse.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/evtparse.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/evtparse.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-evtparse.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/evtparse.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-evtparse.pl')])])])])])), ('sift-scripts-keydet-tools-evtrpt.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/evtrpt.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/evtrpt.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-evtrpt.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/evtrpt.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-evtrpt.pl')])])])])])), ('sift-scripts-keydet-tools-evtxparse.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/evtxparse.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/evtxparse.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-evtxparse.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/evtxparse.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-evtxparse.pl')])])])])])), ('sift-scripts-keydet-tools-fb.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/fb.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/fb.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-fb.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/fb.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-fb.pl')])])])])])), ('sift-scripts-keydet-tools-ff.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/ff.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/ff.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-ff.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/ff.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-ff.pl')])])])])])), ('sift-scripts-keydet-tools-ff_signons.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/ff_signons.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/ff_signons.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-ff_signons.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/ff_signons.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-ff_signons.pl')])])])])])), ('sift-scripts-keydet-tools-ftkparse.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/ftkparse.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/ftkparse.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-ftkparse.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/ftkparse.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-ftkparse.pl')])])])])])), ('sift-scripts-keydet-tools-idx.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/idx.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/idx.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-idx.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/idx.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-idx.pl')])])])])])), ('sift-scripts-keydet-tools-idxparse.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/idxparse.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/idxparse.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-idxparse.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/idxparse.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-idxparse.pl')])])])])])), ('sift-scripts-keydet-tools-jl.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/jl.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/jl.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-jl.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/jl.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-jl.pl')])])])])])), ('sift-scripts-keydet-tools-jobparse.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/jobparse.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/jobparse.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-jobparse.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/jobparse.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-jobparse.pl')])])])])])), ('sift-scripts-keydet-tools-lfle.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/lfle.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/lfle.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-lfle.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/lfle.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-lfle.pl')])])])])])), ('sift-scripts-keydet-tools-lnk.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/lnk.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/lnk.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-lnk.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/lnk.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-lnk.pl')])])])])])), ('sift-scripts-keydet-tools-mft.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/mft.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/mft.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-mft.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/mft.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-mft.pl')])])])])])), ('sift-scripts-keydet-tools-parse.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/parse.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/parse.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-parse.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/parse.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-parse.pl')])])])])])), ('sift-scripts-keydet-tools-parsei30.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/parsei30.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/parsei30.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-parsei30.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/parsei30.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-parsei30.pl')])])])])])), ('sift-scripts-keydet-tools-parseie.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/parseie.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/parseie.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-parseie.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/parseie.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-parseie.pl')])])])])])), ('sift-scripts-keydet-tools-pie.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/pie.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/pie.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-pie.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/pie.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-pie.pl')])])])])])), ('sift-scripts-keydet-tools-pref.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/pref.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/pref.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-pref.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/pref.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-pref.pl')])])])])])), ('sift-scripts-keydet-tools-rawie.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/rawie.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/rawie.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-rawie.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/rawie.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-rawie.pl')])])])])])), ('sift-scripts-keydet-tools-recbin.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/recbin.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/recbin.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-recbin.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/recbin.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-recbin.pl')])])])])])), ('sift-scripts-keydet-tools-regslack.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/regslack.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/regslack.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-regslack.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/regslack.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-regslack.pl')])])])])])), ('sift-scripts-keydet-tools-regtime.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/regtime.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/regtime.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-regtime.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/regtime.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-regtime.pl')])])])])])), ('sift-scripts-keydet-tools-rfc.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/rfc.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/rfc.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-rfc.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/rfc.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-rfc.pl')])])])])])), ('sift-scripts-keydet-tools-rlo.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/rlo.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/rlo.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-rlo.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/rlo.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-rlo.pl')])])])])])), ('sift-scripts-keydet-tools-tln.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/tln.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/tln.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-tln.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/tln.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-tln.pl')])])])])])), ('sift-scripts-keydet-tools-usnj.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/usnj.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/usnj.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-usnj.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/usnj.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-usnj.pl')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/keydet-tools.sls' using 'yaml' renderer: 0.0881140232086 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/packerid.sls' to resolve 'salt://sift/scripts/packerid.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/packerid.sls' to resolve 'salt://sift/scripts/packerid.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/packerid.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/packerid.sls' using 'jinja' renderer: 0.00192785263062 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/packerid.sls: include: - sift.packages.python - sift.python-packages.pefile # Source: https://github.com/sooshie/packerid # License: Unknown sift-scripts-packerid: file.managed: - name: /usr/local/bin/packerid.py - source: https://raw.githubusercontent.com/sooshie/packerid/7b2ee6ef57db903bf356fd342c8ca998abdb68cd/packerid.py - source_hash: sha256=be589d4cbe70ecdc3424a6da48d8fc24630d51a6ebf92e5328b36e39423eb038 - mode: 755 - require: - sls: sift.packages.python - sls: sift.python-packages.pefile sift-scripts-packerid-shebang: file.replace: - name: /usr/local/bin/packerid.py - pattern: '#!/usr/local/bin/python' - repl: '#!/usr/bin/env python' - count: 1 - watch: - file: sift-scripts-packerid # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.packages.python', 'sift.python-packages.pefile']), ('sift-scripts-packerid', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/packerid.py')]), OrderedDict([('source', 'https://raw.githubusercontent.com/sooshie/packerid/7b2ee6ef57db903bf356fd342c8ca998abdb68cd/packerid.py')]), OrderedDict([('source_hash', 'sha256=be589d4cbe70ecdc3424a6da48d8fc24630d51a6ebf92e5328b36e39423eb038')]), OrderedDict([('mode', 755)]), OrderedDict([('require', [OrderedDict([('sls', 'sift.packages.python')]), OrderedDict([('sls', 'sift.python-packages.pefile')])])])])])), ('sift-scripts-packerid-shebang', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/packerid.py')]), OrderedDict([('pattern', '#!/usr/local/bin/python')]), OrderedDict([('repl', '#!/usr/bin/env python')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-packerid')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/packerid.sls' using 'yaml' renderer: 0.00451517105103 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/page-brute.sls' to resolve 'salt://sift/scripts/page-brute.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/page-brute.sls' to resolve 'salt://sift/scripts/page-brute.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/page-brute.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/page-brute.sls' using 'jinja' renderer: 0.000773906707764 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/page-brute.sls: scripts-page-brute: file.recurse: - name: /usr/local/bin - source: salt://sift/files/page-brute - file_mode: 755 - include_pat: '*.py' # [DEBUG ] Results of YAML rendering: OrderedDict([('scripts-page-brute', OrderedDict([('file.recurse', [OrderedDict([('name', '/usr/local/bin')]), OrderedDict([('source', 'salt://sift/files/page-brute')]), OrderedDict([('file_mode', 755)]), OrderedDict([('include_pat', '*.py')])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/page-brute.sls' using 'yaml' renderer: 0.00153994560242 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/parseusn.sls' to resolve 'salt://sift/scripts/parseusn.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/parseusn.sls' to resolve 'salt://sift/scripts/parseusn.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/parseusn.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/parseusn.sls' using 'jinja' renderer: 0.00155687332153 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/parseusn.sls: include: - sift.packages.python # Source: https://github.com/superponible/DFIR/ # License: MIT Open Source License (http://opensource.org/licenses/mit-license.php) sift-scripts-parseusn: file.managed: - name: /usr/local/bin/parseusn.py - source: https://raw.githubusercontent.com/superponible/DFIR/master/parseusn.py - source_hash: sha256=4540eba4cdddcb0eab1bc21ccea6a6ab7c010936909bb233807dc9bf4189ab10 - mode: 755 # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.packages.python']), ('sift-scripts-parseusn', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/parseusn.py')]), OrderedDict([('source', 'https://raw.githubusercontent.com/superponible/DFIR/master/parseusn.py')]), OrderedDict([('source_hash', 'sha256=4540eba4cdddcb0eab1bc21ccea6a6ab7c010936909bb233807dc9bf4189ab10')]), OrderedDict([('mode', 755)])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/parseusn.sls' using 'yaml' renderer: 0.0022029876709 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/pdf-tools.sls' to resolve 'salt://sift/scripts/pdf-tools.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/pdf-tools.sls' to resolve 'salt://sift/scripts/pdf-tools.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/pdf-tools.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/pdf-tools.sls' using 'jinja' renderer: 0.000869035720825 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/pdf-tools.sls: scripts-pdf-tools: file.recurse: - name: /usr/local/bin - source: salt://sift/files/pdf-tools - file_mode: 755 # [DEBUG ] Results of YAML rendering: OrderedDict([('scripts-pdf-tools', OrderedDict([('file.recurse', [OrderedDict([('name', '/usr/local/bin')]), OrderedDict([('source', 'salt://sift/files/pdf-tools')]), OrderedDict([('file_mode', 755)])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/pdf-tools.sls' using 'yaml' renderer: 0.00138211250305 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/pe-carver.sls' to resolve 'salt://sift/scripts/pe-carver.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/pe-carver.sls' to resolve 'salt://sift/scripts/pe-carver.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/pe-carver.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/pe-carver.sls' using 'jinja' renderer: 0.00166606903076 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/pe-carver.sls: include: - sift.python-packages.bitstring - sift.python-packages.pefile # Source: https://github.com/Rurik/PE_Carver # License: No Specified sift-scripts-pecarve: file.managed: - name: /usr/local/bin/pecarve.py - source: https://raw.githubusercontent.com/Rurik/PE_Carver/9026cd2ca4bd0633f9898a93cb798cd19cffc8f6/pe_carve.py - source_hash: sha256=6b245decadde4652ff6d1e2b24f6496dd252bee4bf57e7c934fbb9c9f21df849 - mode: 755 - require: - sls: sift.python-packages.bitstring - sls: sift.python-packages.pefile sift-scripts-pecarve-shebang: file.prepend: - name: /usr/local/bin/pecarve.py - text: '#!/usr/bin/env python' - watch: - file: sift-scripts-pecarve # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.python-packages.bitstring', 'sift.python-packages.pefile']), ('sift-scripts-pecarve', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/pecarve.py')]), OrderedDict([('source', 'https://raw.githubusercontent.com/Rurik/PE_Carver/9026cd2ca4bd0633f9898a93cb798cd19cffc8f6/pe_carve.py')]), OrderedDict([('source_hash', 'sha256=6b245decadde4652ff6d1e2b24f6496dd252bee4bf57e7c934fbb9c9f21df849')]), OrderedDict([('mode', 755)]), OrderedDict([('require', [OrderedDict([('sls', 'sift.python-packages.bitstring')]), OrderedDict([('sls', 'sift.python-packages.pefile')])])])])])), ('sift-scripts-pecarve-shebang', OrderedDict([('file.prepend', [OrderedDict([('name', '/usr/local/bin/pecarve.py')]), OrderedDict([('text', '#!/usr/bin/env python')]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-pecarve')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/pe-carver.sls' using 'yaml' renderer: 0.0045850276947 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/pescanner.sls' to resolve 'salt://sift/scripts/pescanner.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/pescanner.sls' to resolve 'salt://sift/scripts/pescanner.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/pescanner.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/pescanner.sls' using 'jinja' renderer: 0.00174999237061 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/pescanner.sls: include: - sift.python-packages.pefile # Source: https://github.com/hiddenillusion/AnalyzePE/ # License: Unknown sift-scripts-pescanner: file.managed: - name: /usr/local/bin/pescanner.py - source: https://raw.githubusercontent.com/hiddenillusion/AnalyzePE/9c76ecbc3ac417bc07439c244f2d5ed19af06578/pescanner.py - source_hash: sha256=0c4e2a8916df3de0bde67ef47543db6f6068b267fa2b665667a52bc6002e6529 - mode: 755 - require: - pip: pefile # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.python-packages.pefile']), ('sift-scripts-pescanner', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/pescanner.py')]), OrderedDict([('source', 'https://raw.githubusercontent.com/hiddenillusion/AnalyzePE/9c76ecbc3ac417bc07439c244f2d5ed19af06578/pescanner.py')]), OrderedDict([('source_hash', 'sha256=0c4e2a8916df3de0bde67ef47543db6f6068b267fa2b665667a52bc6002e6529')]), OrderedDict([('mode', 755)]), OrderedDict([('require', [OrderedDict([('pip', 'pefile')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/pescanner.sls' using 'yaml' renderer: 0.00251293182373 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/regripper.sls' to resolve 'salt://sift/scripts/regripper.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/regripper.sls' to resolve 'salt://sift/scripts/regripper.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/regripper.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/regripper.sls' using 'jinja' renderer: 0.001629114151 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/regripper.sls: include: - sift.packages.git - sift.packages.libparse-win32registry-perl sift-scripts-regripper-git: git.latest: - name: https://github.com/keydet89/RegRipper2.8.git - target: /usr/local/src/regripper - user: root - rev: master - force_clone: True - force_reset: True - require: - pkg: git sift-scripts-regripper-directory: file.directory: - name: /usr/local/share/regripper - makedirs: True - file_mode: 644 - require: - git: sift-scripts-regripper-git sift-scripts-regripper-binary: file.managed: - name: /usr/local/share/regripper/rip.pl - source: salt://sift/files/regripper/rip.pl - mode: 755 - require: - git: sift-scripts-regripper-git - pkg: libparse-win32registry-perl sift-scripts-regripper-plugins-symlink: file.symlink: - name: /usr/local/share/regripper/plugins - target: /usr/local/src/regripper/plugins - require: - git: sift-scripts-regripper-git - file: sift-scripts-regripper-directory sift-scripts-regripper-binary-symlink: file.symlink: - name: /usr/local/bin/rip.pl - target: /usr/local/share/regripper/rip.pl - mode: 755 - require: - file: sift-scripts-regripper-binary sift-scripts-regripper-plugins-all: cmd.wait: - name: "grep -R \"my %config = (hive\" /usr/local/share/regripper/plugins | grep \"All\" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/all" - watch: - git: sift-scripts-regripper-git sift-scripts-regripper-plugins-ntuser: cmd.wait: - name: "grep -R \"my %config = (hive\" /usr/local/share/regripper/plugins | grep \"NTUSER\" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/ntuser" - watch: - git: sift-scripts-regripper-git sift-scripts-regripper-plugins-usrclass: cmd.wait: - name: "grep -R \"my %config = (hive\" /usr/local/share/regripper/plugins | grep \"USRCLASS\" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/usrclass" - watch: - git: sift-scripts-regripper-git sift-scripts-regripper-plugins-sam: cmd.wait: - name: "grep -R \"my %config = (hive\" /usr/local/share/regripper/plugins | grep \"SAM\" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/sam" - watch: - git: sift-scripts-regripper-git sift-scripts-regripper-plugins-security: cmd.wait: - name: "grep -R \"my %config = (hive\" /usr/local/share/regripper/plugins | grep \"Security\" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/security" - watch: - git: sift-scripts-regripper-git sift-scripts-regripper-plugins-software: cmd.wait: - name: "grep -R \"my %config = (hive\" /usr/local/share/regripper/plugins | grep \"Software\" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/software" - watch: - git: sift-scripts-regripper-git sift-scripts-regripper-plugins-system: cmd.wait: - name: "grep -R \"my %config = (hive\" /usr/local/share/regripper/plugins | grep \"System\" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/system" - watch: - git: sift-scripts-regripper-git # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.packages.git', 'sift.packages.libparse-win32registry-perl']), ('sift-scripts-regripper-git', OrderedDict([('git.latest', [OrderedDict([('name', 'https://github.com/keydet89/RegRipper2.8.git')]), OrderedDict([('target', '/usr/local/src/regripper')]), OrderedDict([('user', 'root')]), OrderedDict([('rev', 'master')]), OrderedDict([('force_clone', True)]), OrderedDict([('force_reset', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'git')])])])])])), ('sift-scripts-regripper-directory', OrderedDict([('file.directory', [OrderedDict([('name', '/usr/local/share/regripper')]), OrderedDict([('makedirs', True)]), OrderedDict([('file_mode', 644)]), OrderedDict([('require', [OrderedDict([('git', 'sift-scripts-regripper-git')])])])])])), ('sift-scripts-regripper-binary', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/share/regripper/rip.pl')]), OrderedDict([('source', 'salt://sift/files/regripper/rip.pl')]), OrderedDict([('mode', 755)]), OrderedDict([('require', [OrderedDict([('git', 'sift-scripts-regripper-git')]), OrderedDict([('pkg', 'libparse-win32registry-perl')])])])])])), ('sift-scripts-regripper-plugins-symlink', OrderedDict([('file.symlink', [OrderedDict([('name', '/usr/local/share/regripper/plugins')]), OrderedDict([('target', '/usr/local/src/regripper/plugins')]), OrderedDict([('require', [OrderedDict([('git', 'sift-scripts-regripper-git')]), OrderedDict([('file', 'sift-scripts-regripper-directory')])])])])])), ('sift-scripts-regripper-binary-symlink', OrderedDict([('file.symlink', [OrderedDict([('name', '/usr/local/bin/rip.pl')]), OrderedDict([('target', '/usr/local/share/regripper/rip.pl')]), OrderedDict([('mode', 755)]), OrderedDict([('require', [OrderedDict([('file', 'sift-scripts-regripper-binary')])])])])])), ('sift-scripts-regripper-plugins-all', OrderedDict([('cmd.wait', [OrderedDict([('name', 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed \'s/.pl$//\' > /usr/local/share/regripper/plugins/all')]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-regripper-git')])])])])])), ('sift-scripts-regripper-plugins-ntuser', OrderedDict([('cmd.wait', [OrderedDict([('name', 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed \'s/.pl$//\' > /usr/local/share/regripper/plugins/ntuser')]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-regripper-git')])])])])])), ('sift-scripts-regripper-plugins-usrclass', OrderedDict([('cmd.wait', [OrderedDict([('name', 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed \'s/.pl$//\' > /usr/local/share/regripper/plugins/usrclass')]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-regripper-git')])])])])])), ('sift-scripts-regripper-plugins-sam', OrderedDict([('cmd.wait', [OrderedDict([('name', 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed \'s/.pl$//\' > /usr/local/share/regripper/plugins/sam')]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-regripper-git')])])])])])), ('sift-scripts-regripper-plugins-security', OrderedDict([('cmd.wait', [OrderedDict([('name', 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed \'s/.pl$//\' > /usr/local/share/regripper/plugins/security')]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-regripper-git')])])])])])), ('sift-scripts-regripper-plugins-software', OrderedDict([('cmd.wait', [OrderedDict([('name', 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed \'s/.pl$//\' > /usr/local/share/regripper/plugins/software')]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-regripper-git')])])])])])), ('sift-scripts-regripper-plugins-system', OrderedDict([('cmd.wait', [OrderedDict([('name', 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed \'s/.pl$//\' > /usr/local/share/regripper/plugins/system')]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-regripper-git')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/regripper.sls' using 'yaml' renderer: 0.0170228481293 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/shim-cache-parser.sls' to resolve 'salt://sift/scripts/shim-cache-parser.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/shim-cache-parser.sls' to resolve 'salt://sift/scripts/shim-cache-parser.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/shim-cache-parser.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/shim-cache-parser.sls' using 'jinja' renderer: 0.001797914505 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/shim-cache-parser.sls: include: - sift.python-packages.python-registry # Source: https://github.com/mandiant/ShimCacheParser # License: Apache 2 (https://github.com/mandiant/ShimCacheParser/blob/master/LICENSE) sift-scripts-shim-cache-parser: file.managed: - name: /usr/local/bin/ShimCacheParser.py - source: https://raw.githubusercontent.com/mandiant/ShimCacheParser/d7c517af9f3b09b810c5859ee52a6540f3b25855/ShimCacheParser.py - source_hash: sha256=61e75e485c0efc862e7b1c7746a493ca944afcf3e96512fb864706089f89d9aa - mode: 755 - require: - sls: sift.python-packages.python-registry sift-scripts-shim-cache-parser-shebang: file.prepend: - name: /usr/local/bin/ShimCacheParser.py - text: '#!/usr/bin/env python' - watch: - file: sift-scripts-shim-cache-parser # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.python-packages.python-registry']), ('sift-scripts-shim-cache-parser', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/ShimCacheParser.py')]), OrderedDict([('source', 'https://raw.githubusercontent.com/mandiant/ShimCacheParser/d7c517af9f3b09b810c5859ee52a6540f3b25855/ShimCacheParser.py')]), OrderedDict([('source_hash', 'sha256=61e75e485c0efc862e7b1c7746a493ca944afcf3e96512fb864706089f89d9aa')]), OrderedDict([('mode', 755)]), OrderedDict([('require', [OrderedDict([('sls', 'sift.python-packages.python-registry')])])])])])), ('sift-scripts-shim-cache-parser-shebang', OrderedDict([('file.prepend', [OrderedDict([('name', '/usr/local/bin/ShimCacheParser.py')]), OrderedDict([('text', '#!/usr/bin/env python')]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-shim-cache-parser')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/shim-cache-parser.sls' using 'yaml' renderer: 0.00374293327332 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/sift.sls' to resolve 'salt://sift/scripts/sift.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/sift.sls' to resolve 'salt://sift/scripts/sift.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/sift.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/sift.sls' using 'jinja' renderer: 0.0019850730896 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/sift.sls: scripts-sift-resources-resources: file.directory: - name: /usr/share/sift/resources - user: root - group: root - makedirs: true - require_in: - file: sift-resources scripts-sift-resources-images: file.directory: - name: /usr/share/sift/images - user: root - group: root - makedirs: true - require_in: - file: sift-resources scripts-sift-resources-audio: file.directory: - name: /usr/share/sift/audio - user: root - group: root - makedirs: true - require_in: - file: sift-resources scripts-sift-resources-other: file.directory: - name: /usr/share/sift/other - user: root - group: root - makedirs: true - require_in: - file: sift-resources scripts-sift-resources-scripts: file.directory: - name: /usr/share/sift/scripts - user: root - group: root - makedirs: true - require_in: - file: sift-resources sift-resources: file.recurse: - name: /usr/share/sift - source: salt://sift/files/sift # [DEBUG ] Results of YAML rendering: OrderedDict([('scripts-sift-resources-resources', OrderedDict([('file.directory', [OrderedDict([('name', '/usr/share/sift/resources')]), OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)]), OrderedDict([('require_in', [OrderedDict([('file', 'sift-resources')])])])])])), ('scripts-sift-resources-images', OrderedDict([('file.directory', [OrderedDict([('name', '/usr/share/sift/images')]), OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)]), OrderedDict([('require_in', [OrderedDict([('file', 'sift-resources')])])])])])), ('scripts-sift-resources-audio', OrderedDict([('file.directory', [OrderedDict([('name', '/usr/share/sift/audio')]), OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)]), OrderedDict([('require_in', [OrderedDict([('file', 'sift-resources')])])])])])), ('scripts-sift-resources-other', OrderedDict([('file.directory', [OrderedDict([('name', '/usr/share/sift/other')]), OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)]), OrderedDict([('require_in', [OrderedDict([('file', 'sift-resources')])])])])])), ('scripts-sift-resources-scripts', OrderedDict([('file.directory', [OrderedDict([('name', '/usr/share/sift/scripts')]), OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)]), OrderedDict([('require_in', [OrderedDict([('file', 'sift-resources')])])])])])), ('sift-resources', OrderedDict([('file.recurse', [OrderedDict([('name', '/usr/share/sift')]), OrderedDict([('source', 'salt://sift/files/sift')])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/sift.sls' using 'yaml' renderer: 0.00905203819275 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/sorter.sls' to resolve 'salt://sift/scripts/sorter.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/sorter.sls' to resolve 'salt://sift/scripts/sorter.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/sorter.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/sorter.sls' using 'jinja' renderer: 0.000823974609375 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/sorter.sls: scripts-sorter-directory: file.directory: - name: /usr/share/tsk/sorter - makedirs: true scripts-sorter-files: file.recurse: - name: /usr/share/tsk/sorter - source: salt://sift/files/sorter - file_mode: 644 - require: - file: scripts-sorter-directory # [DEBUG ] Results of YAML rendering: OrderedDict([('scripts-sorter-directory', OrderedDict([('file.directory', [OrderedDict([('name', '/usr/share/tsk/sorter')]), OrderedDict([('makedirs', True)])])])), ('scripts-sorter-files', OrderedDict([('file.recurse', [OrderedDict([('name', '/usr/share/tsk/sorter')]), OrderedDict([('source', 'salt://sift/files/sorter')]), OrderedDict([('file_mode', 644)]), OrderedDict([('require', [OrderedDict([('file', 'scripts-sorter-directory')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/sorter.sls' using 'yaml' renderer: 0.00263094902039 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/sqlparser.sls' to resolve 'salt://sift/scripts/sqlparser.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/sqlparser.sls' to resolve 'salt://sift/scripts/sqlparser.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/sqlparser.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/sqlparser.sls' using 'jinja' renderer: 0.00139904022217 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/sqlparser.sls: # Source: https://github.com/mdegrazia/SQLite-Deleted-Records-Parser # License: Not Specified sift-scripts-sqlparser: file.managed: - name: /usr/local/bin/sqlparser.py - source: https://github.com/mdegrazia/SQLite-Deleted-Records-Parser/releases/download/v.1.1/sqlparse_v1.1.py - source_hash: sha256=0bb28498141380821d5adc43cc3557ce6a96aeb8a33c414a48e3ccc2a1aad8c9 - mode: 755 sift-scripts-sqlparser-shebang: file.prepend: - name: /usr/local/bin/sqlparser.py - text: '#!/usr/bin/env python' - watch: - file: sift-scripts-sqlparser # [DEBUG ] Results of YAML rendering: OrderedDict([('sift-scripts-sqlparser', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/sqlparser.py')]), OrderedDict([('source', 'https://github.com/mdegrazia/SQLite-Deleted-Records-Parser/releases/download/v.1.1/sqlparse_v1.1.py')]), OrderedDict([('source_hash', 'sha256=0bb28498141380821d5adc43cc3557ce6a96aeb8a33c414a48e3ccc2a1aad8c9')]), OrderedDict([('mode', 755)])])])), ('sift-scripts-sqlparser-shebang', OrderedDict([('file.prepend', [OrderedDict([('name', '/usr/local/bin/sqlparser.py')]), OrderedDict([('text', '#!/usr/bin/env python')]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-sqlparser')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/sqlparser.sls' using 'yaml' renderer: 0.00302886962891 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/usbdeviceforensics.sls' to resolve 'salt://sift/scripts/usbdeviceforensics.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/usbdeviceforensics.sls' to resolve 'salt://sift/scripts/usbdeviceforensics.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/usbdeviceforensics.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/usbdeviceforensics.sls' using 'jinja' renderer: 0.00199103355408 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/usbdeviceforensics.sls: # Source: https://github.com/woanware/usbdeviceforensics # License: Unknown sift-scripts-usbdeviceforensics: file.managed: - name: /usr/local/bin/usbdeviceforensics.py - source: https://raw.githubusercontent.com/woanware/usbdeviceforensics/5a0705d5beca09eab2fd5a47a52240dbc0db5bc9/usbdeviceforensics.py - source_hash: sha256=cc643ae2ccd7b772f6d8a2abaa0e9dd33514c60328c5bc3b7d60bb69398b9637 - mode: 755 sift-scripts-usbdeviceforensics-shebang: file.replace: - name: /usr/local/bin/usbdeviceforensics.py - pattern: '#!/usr/bin/python' - repl: '#!/usr/bin/env python' - count: 1 - watch: - file: sift-scripts-usbdeviceforensics # [DEBUG ] Results of YAML rendering: OrderedDict([('sift-scripts-usbdeviceforensics', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/usbdeviceforensics.py')]), OrderedDict([('source', 'https://raw.githubusercontent.com/woanware/usbdeviceforensics/5a0705d5beca09eab2fd5a47a52240dbc0db5bc9/usbdeviceforensics.py')]), OrderedDict([('source_hash', 'sha256=cc643ae2ccd7b772f6d8a2abaa0e9dd33514c60328c5bc3b7d60bb69398b9637')]), OrderedDict([('mode', 755)])])])), ('sift-scripts-usbdeviceforensics-shebang', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/usbdeviceforensics.py')]), OrderedDict([('pattern', '#!/usr/bin/python')]), OrderedDict([('repl', '#!/usr/bin/env python')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-usbdeviceforensics')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/usbdeviceforensics.sls' using 'yaml' renderer: 0.00357103347778 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/virustotal-tools.sls' to resolve 'salt://sift/scripts/virustotal-tools.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/virustotal-tools.sls' to resolve 'salt://sift/scripts/virustotal-tools.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/virustotal-tools.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/virustotal-tools.sls' using 'jinja' renderer: 0.00198602676392 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/virustotal-tools.sls: # Source: https://blog.didierstevens.com/programs/virustotal-tools/ # License: Unknown, No Copyright sift-scripts-virustotal-search-archive: archive.extracted: - name: /usr/local/src/virustotal-search-v0.1.4 - source: https://didierstevens.com/files/software/virustotal-search_V0_1_4.zip - source_hash: sha256=8c033b3c46767590c54c191aeedc0162b3b8ccde0d7b75841a6552ca9de76044 - enforce_toplevel: False sift-scripts-virustotal-search-script: file.managed: - name: /usr/local/bin/virustotal-search.py - source: /usr/local/src/virustotal-search-v0.1.4/virustotal-search.py - mode: 755 - watch: - archive: sift-scripts-virustotal-search-archive sift-scripts-virustotal-submit-archive: archive.extracted: - name: /usr/local/src/virustotal-submit-v0.0.3 - source: https://didierstevens.com/files/software/virustotal-submit_V0_0_3.zip - source_hash: sha256=37cce3e8469de097912cb23bac6b909c9c7f5a5cee09c9279d32bdb9d6e23bcc - enforce_toplevel: False sift-scripts-virustotal-submit-script: file.managed: - name: /usr/local/bin/virustotal-submit.py - source: /usr/local/src/virustotal-submit-v0.0.3/virustotal-submit.py - mode: 755 - watch: - archive: sift-scripts-virustotal-submit-archive # [DEBUG ] Results of YAML rendering: OrderedDict([('sift-scripts-virustotal-search-archive', OrderedDict([('archive.extracted', [OrderedDict([('name', '/usr/local/src/virustotal-search-v0.1.4')]), OrderedDict([('source', 'https://didierstevens.com/files/software/virustotal-search_V0_1_4.zip')]), OrderedDict([('source_hash', 'sha256=8c033b3c46767590c54c191aeedc0162b3b8ccde0d7b75841a6552ca9de76044')]), OrderedDict([('enforce_toplevel', False)])])])), ('sift-scripts-virustotal-search-script', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/virustotal-search.py')]), OrderedDict([('source', '/usr/local/src/virustotal-search-v0.1.4/virustotal-search.py')]), OrderedDict([('mode', 755)]), OrderedDict([('watch', [OrderedDict([('archive', 'sift-scripts-virustotal-search-archive')])])])])])), ('sift-scripts-virustotal-submit-archive', OrderedDict([('archive.extracted', [OrderedDict([('name', '/usr/local/src/virustotal-submit-v0.0.3')]), OrderedDict([('source', 'https://didierstevens.com/files/software/virustotal-submit_V0_0_3.zip')]), OrderedDict([('source_hash', 'sha256=37cce3e8469de097912cb23bac6b909c9c7f5a5cee09c9279d32bdb9d6e23bcc')]), OrderedDict([('enforce_toplevel', False)])])])), ('sift-scripts-virustotal-submit-script', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/virustotal-submit.py')]), OrderedDict([('source', '/usr/local/src/virustotal-submit-v0.0.3/virustotal-submit.py')]), OrderedDict([('mode', 755)]), OrderedDict([('watch', [OrderedDict([('archive', 'sift-scripts-virustotal-submit-archive')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/virustotal-tools.sls' using 'yaml' renderer: 0.00758194923401 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/vshot.sls' to resolve 'salt://sift/scripts/vshot.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/vshot.sls' to resolve 'salt://sift/scripts/vshot.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/vshot.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/vshot.sls' using 'jinja' renderer: 0.00178790092468 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/vshot.sls: include: - sift.packages.bulk-extractor - sift.packages.python-volatility # Source: https://github.com/williballenthin/python-registry # License: Apache2 - https://github.com/williballenthin/python-registry/blob/master/LICENSE.TXT sift-scripts-vshot: file.managed: - name: /usr/local/bin/vshot - source: https://raw.githubusercontent.com/CrowdStrike/Forensics/62d8ae4ed1ca276f2a1ffe251e1750d10538ae52/vshot - source_hash: sha256=590fb825df2d17f2e83fcbf1a578f39d8c7bd38017d85edfb250c0fb92db8b3a - mode: 755 - require: - pkg: python-volatility - pkg: bulk-extractor # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.packages.bulk-extractor', 'sift.packages.python-volatility']), ('sift-scripts-vshot', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/vshot')]), OrderedDict([('source', 'https://raw.githubusercontent.com/CrowdStrike/Forensics/62d8ae4ed1ca276f2a1ffe251e1750d10538ae52/vshot')]), OrderedDict([('source_hash', 'sha256=590fb825df2d17f2e83fcbf1a578f39d8c7bd38017d85edfb250c0fb92db8b3a')]), OrderedDict([('mode', 755)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-volatility')]), OrderedDict([('pkg', 'bulk-extractor')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/vshot.sls' using 'yaml' renderer: 0.00291109085083 # [DEBUG ] Could not find file 'salt://sift/config.sls' in saltenv 'base' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/init.sls' to resolve 'salt://sift/config/init.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/init.sls' to resolve 'salt://sift/config/init.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/init.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/init.sls' using 'jinja' renderer: 0.000972986221313 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/init.sls: include: - sift.config.hostname - sift.config.user - sift.config.timezone - sift.config.folders - sift.config.salt-minion - sift.config.samba #- .symlinks sift-config: test.nop: - name: sift-config - require: - sls: sift.config.hostname - sls: sift.config.user - sls: sift.config.timezone - sls: sift.config.folders - sls: sift.config.salt-minion - sls: sift.config.samba # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.config.hostname', 'sift.config.user', 'sift.config.timezone', 'sift.config.folders', 'sift.config.salt-minion', 'sift.config.samba']), ('sift-config', OrderedDict([('test.nop', [OrderedDict([('name', 'sift-config')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.config.hostname')]), OrderedDict([('sls', 'sift.config.user')]), OrderedDict([('sls', 'sift.config.timezone')]), OrderedDict([('sls', 'sift.config.folders')]), OrderedDict([('sls', 'sift.config.salt-minion')]), OrderedDict([('sls', 'sift.config.samba')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/init.sls' using 'yaml' renderer: 0.00349903106689 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/hostname.sls' to resolve 'salt://sift/config/hostname.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/hostname.sls' to resolve 'salt://sift/config/hostname.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/hostname.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/hostname.sls' using 'jinja' renderer: 0.0034339427948 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/hostname.sls: hostname-managed: file.managed: - name: /etc/hostname - contents: siftworkstation - backup: false hostname-set-hostname: cmd.run: - name: hostnamectl set-hostname siftworkstation - unless: test "siftworkstation" = "$(hostname)" hostname-set-hosts: host.present: - name: siftworkstation - ip: 127.0.0.1 # [DEBUG ] Results of YAML rendering: OrderedDict([('hostname-managed', OrderedDict([('file.managed', [OrderedDict([('name', '/etc/hostname')]), OrderedDict([('contents', 'siftworkstation')]), OrderedDict([('backup', False)])])])), ('hostname-set-hostname', OrderedDict([('cmd.run', [OrderedDict([('name', 'hostnamectl set-hostname siftworkstation')]), OrderedDict([('unless', 'test "siftworkstation" = "$(hostname)"')])])])), ('hostname-set-hosts', OrderedDict([('host.present', [OrderedDict([('name', 'siftworkstation')]), OrderedDict([('ip', '127.0.0.1')])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/hostname.sls' using 'yaml' renderer: 0.00325894355774 # [DEBUG ] Could not find file 'salt://sift/config/user.sls' in saltenv 'base' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/user/init.sls' to resolve 'salt://sift/config/user/init.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/user/init.sls' to resolve 'salt://sift/config/user/init.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/user/init.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/init.sls' using 'jinja' renderer: 0.00101590156555 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/user/init.sls: include: - sift.config.user.user - sift.config.user.bash-aliases - sift.config.user.bash-rc - sift.config.user.folders - sift.config.user.pdfs - sift.config.user.symlinks - sift.config.user.theme sift-config-user: test.nop: - name: sift-config-user - require: - sls: sift.config.user.user - sls: sift.config.user.bash-aliases - sls: sift.config.user.bash-rc - sls: sift.config.user.folders - sls: sift.config.user.pdfs - sls: sift.config.user.symlinks - sls: sift.config.user.theme # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.config.user.user', 'sift.config.user.bash-aliases', 'sift.config.user.bash-rc', 'sift.config.user.folders', 'sift.config.user.pdfs', 'sift.config.user.symlinks', 'sift.config.user.theme']), ('sift-config-user', OrderedDict([('test.nop', [OrderedDict([('name', 'sift-config-user')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.config.user.user')]), OrderedDict([('sls', 'sift.config.user.bash-aliases')]), OrderedDict([('sls', 'sift.config.user.bash-rc')]), OrderedDict([('sls', 'sift.config.user.folders')]), OrderedDict([('sls', 'sift.config.user.pdfs')]), OrderedDict([('sls', 'sift.config.user.symlinks')]), OrderedDict([('sls', 'sift.config.user.theme')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/init.sls' using 'yaml' renderer: 0.00418400764465 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/user/user.sls' to resolve 'salt://sift/config/user/user.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/user/user.sls' to resolve 'salt://sift/config/user/user.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/user/user.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [DEBUG ] LazyLoaded user.list_users # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/user.sls' using 'jinja' renderer: 0.00807619094849 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/user/user.sls: sift-user-sansforensics: user.present: - name: sansforensics - home: /home/sansforensics # [DEBUG ] Results of YAML rendering: OrderedDict([('sift-user-sansforensics', OrderedDict([('user.present', [OrderedDict([('name', 'sansforensics')]), OrderedDict([('home', '/home/sansforensics')])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/user.sls' using 'yaml' renderer: 0.00157713890076 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/user/bash-aliases.sls' to resolve 'salt://sift/config/user/bash-aliases.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/user/bash-aliases.sls' to resolve 'salt://sift/config/user/bash-aliases.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/user/bash-aliases.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/bash-aliases.sls' using 'jinja' renderer: 0.00290989875793 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/user/bash-aliases.sls: include: - .user bash-aliases-user-sansforensics: file.append: - name: /home/sansforensics/.bash_aliases - text: "alias mountwin='mount -o ro,loop,show_sys_files,streams_interface=windows'" - require: - user: sift-user-sansforensics bash-aliases-user-root: file.append: - name: /root/.bash_aliases - text: "alias mountwin='mount -o ro,loop,show_sys_files,streams_interface=windows'" - require: - file: bash-aliases-user-sansforensics # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['.user']), ('bash-aliases-user-sansforensics', OrderedDict([('file.append', [OrderedDict([('name', '/home/sansforensics/.bash_aliases')]), OrderedDict([('text', "alias mountwin='mount -o ro,loop,show_sys_files,streams_interface=windows'")]), OrderedDict([('require', [OrderedDict([('user', 'sift-user-sansforensics')])])])])])), ('bash-aliases-user-root', OrderedDict([('file.append', [OrderedDict([('name', '/root/.bash_aliases')]), OrderedDict([('text', "alias mountwin='mount -o ro,loop,show_sys_files,streams_interface=windows'")]), OrderedDict([('require', [OrderedDict([('file', 'bash-aliases-user-sansforensics')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/bash-aliases.sls' using 'yaml' renderer: 0.00347185134888 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/user/bash-rc.sls' to resolve 'salt://sift/config/user/bash-rc.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/user/bash-rc.sls' to resolve 'salt://sift/config/user/bash-rc.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/user/bash-rc.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/bash-rc.sls' using 'jinja' renderer: 0.00248789787292 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/user/bash-rc.sls: include: - .user rc-noclobber: file.append: - name: /home/sansforensics/.bashrc - text: 'set -o noclobber' - require: - user: sift-user-sansforensics rekall-path: file.append: - name: /home/sansforensics/.bashrc - text: 'export PATH=$PATH:/opt/rekall/bin' - require: - user: sift-user-sansforensics rc-root-noclobber: file.append: - name: /root/.bashrc - text: 'set -o noclobber' - require: - file: rekall-path # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['.user']), ('rc-noclobber', OrderedDict([('file.append', [OrderedDict([('name', '/home/sansforensics/.bashrc')]), OrderedDict([('text', 'set -o noclobber')]), OrderedDict([('require', [OrderedDict([('user', 'sift-user-sansforensics')])])])])])), ('rekall-path', OrderedDict([('file.append', [OrderedDict([('name', '/home/sansforensics/.bashrc')]), OrderedDict([('text', 'export PATH=$PATH:/opt/rekall/bin')]), OrderedDict([('require', [OrderedDict([('user', 'sift-user-sansforensics')])])])])])), ('rc-root-noclobber', OrderedDict([('file.append', [OrderedDict([('name', '/root/.bashrc')]), OrderedDict([('text', 'set -o noclobber')]), OrderedDict([('require', [OrderedDict([('file', 'rekall-path')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/bash-rc.sls' using 'yaml' renderer: 0.00432419776917 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/user/folders.sls' to resolve 'salt://sift/config/user/folders.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/user/folders.sls' to resolve 'salt://sift/config/user/folders.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/user/folders.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/folders.sls' using 'jinja' renderer: 0.00205492973328 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/user/folders.sls: include: - .user folders-config-autostart: file.directory: - name: /home/sansforensics/.config/autostart - user: sansforensics - group: sansforensics - makedirs: True - require: - user: sift-user-sansforensics # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['.user']), ('folders-config-autostart', OrderedDict([('file.directory', [OrderedDict([('name', '/home/sansforensics/.config/autostart')]), OrderedDict([('user', 'sansforensics')]), OrderedDict([('group', 'sansforensics')]), OrderedDict([('makedirs', True)]), OrderedDict([('require', [OrderedDict([('user', 'sift-user-sansforensics')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/folders.sls' using 'yaml' renderer: 0.0022189617157 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/user/pdfs.sls' to resolve 'salt://sift/config/user/pdfs.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/user/pdfs.sls' to resolve 'salt://sift/config/user/pdfs.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/user/pdfs.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/pdfs.sls' using 'jinja' renderer: 0.0018458366394 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/user/pdfs.sls: include: - .user pdfs-resource-copy: file.recurse: - name: /home/sansforensics/Desktop - source: salt://sift/files/sift/resources - include_pat: '*.pdf' - require: - user: sift-user-sansforensics # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['.user']), ('pdfs-resource-copy', OrderedDict([('file.recurse', [OrderedDict([('name', '/home/sansforensics/Desktop')]), OrderedDict([('source', 'salt://sift/files/sift/resources')]), OrderedDict([('include_pat', '*.pdf')]), OrderedDict([('require', [OrderedDict([('user', 'sift-user-sansforensics')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/pdfs.sls' using 'yaml' renderer: 0.00217080116272 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/user/symlinks.sls' to resolve 'salt://sift/config/user/symlinks.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/user/symlinks.sls' to resolve 'salt://sift/config/user/symlinks.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/user/symlinks.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/symlinks.sls' using 'jinja' renderer: 0.00301599502563 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/user/symlinks.sls: include: - .user symlinks-user-desktop-directory: file.directory: - name: /home/sansforensics/Desktop - require: - user: sift-user-sansforensics symlinks-mount-points: file.symlink: - name: /home/sansforensics/Desktop/mount_points - target: /mnt - user: sansforensics - group: sansforensics - require: - file: symlinks-user-desktop-directory - user: sift-user-sansforensics symlinks-cases: file.symlink: - name: /home/sansforensics/Desktop/cases - target: /cases - user: sansforensics - group: sansforensics - require: - file: symlinks-user-desktop-directory - user: sift-user-sansforensics # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['.user']), ('symlinks-user-desktop-directory', OrderedDict([('file.directory', [OrderedDict([('name', '/home/sansforensics/Desktop')]), OrderedDict([('require', [OrderedDict([('user', 'sift-user-sansforensics')])])])])])), ('symlinks-mount-points', OrderedDict([('file.symlink', [OrderedDict([('name', '/home/sansforensics/Desktop/mount_points')]), OrderedDict([('target', '/mnt')]), OrderedDict([('user', 'sansforensics')]), OrderedDict([('group', 'sansforensics')]), OrderedDict([('require', [OrderedDict([('file', 'symlinks-user-desktop-directory')]), OrderedDict([('user', 'sift-user-sansforensics')])])])])])), ('symlinks-cases', OrderedDict([('file.symlink', [OrderedDict([('name', '/home/sansforensics/Desktop/cases')]), OrderedDict([('target', '/cases')]), OrderedDict([('user', 'sansforensics')]), OrderedDict([('group', 'sansforensics')]), OrderedDict([('require', [OrderedDict([('file', 'symlinks-user-desktop-directory')]), OrderedDict([('user', 'sift-user-sansforensics')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/symlinks.sls' using 'yaml' renderer: 0.00604295730591 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/user/theme.sls' to resolve 'salt://sift/config/user/theme.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/user/theme.sls' to resolve 'salt://sift/config/user/theme.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/user/theme.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/theme.sls' using 'jinja' renderer: 0.00500798225403 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/user/theme.sls: include: - .user theme-set-background-directory: file.directory: - name: /usr/share/backgrounds - makedirs: True theme-set-background: file.managed: - name: /usr/share/backgrounds/warty-final-ubuntu.png - source: salt://sift/files/sift/images/forensics_blue.jpg - replace: True - require: - file: theme-set-background-directory - user: sift-user-sansforensics theme-set-unity-logo-directory: file.directory: - name: /usr/share/unity-greeter - makedirs: True theme-set-unity-logo: file.managed: - name: /usr/share/unity-greeter/logo.png - source: salt://sift/files/sift/images/login_logo.png - replace: True - require: - file: theme-set-unity-logo-directory - user: sift-user-sansforensics theme-manage-autostart: file.directory: - name: /home/sansforensics/.config/autostart/ - makedirs: True theme-manage-gnome-terminal: file.managed: - name: /home/sansforensics/.config/autostart/gnome-terminal.desktop - source: salt://sift/files/sift/other/gnome-terminal.desktop - replace: True - require: - file: theme-manage-autostart - user: sift-user-sansforensics # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['.user']), ('theme-set-background-directory', OrderedDict([('file.directory', [OrderedDict([('name', '/usr/share/backgrounds')]), OrderedDict([('makedirs', True)])])])), ('theme-set-background', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/share/backgrounds/warty-final-ubuntu.png')]), OrderedDict([('source', 'salt://sift/files/sift/images/forensics_blue.jpg')]), OrderedDict([('replace', True)]), OrderedDict([('require', [OrderedDict([('file', 'theme-set-background-directory')]), OrderedDict([('user', 'sift-user-sansforensics')])])])])])), ('theme-set-unity-logo-directory', OrderedDict([('file.directory', [OrderedDict([('name', '/usr/share/unity-greeter')]), OrderedDict([('makedirs', True)])])])), ('theme-set-unity-logo', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/share/unity-greeter/logo.png')]), OrderedDict([('source', 'salt://sift/files/sift/images/login_logo.png')]), OrderedDict([('replace', True)]), OrderedDict([('require', [OrderedDict([('file', 'theme-set-unity-logo-directory')]), OrderedDict([('user', 'sift-user-sansforensics')])])])])])), ('theme-manage-autostart', OrderedDict([('file.directory', [OrderedDict([('name', '/home/sansforensics/.config/autostart/')]), OrderedDict([('makedirs', True)])])])), ('theme-manage-gnome-terminal', OrderedDict([('file.managed', [OrderedDict([('name', '/home/sansforensics/.config/autostart/gnome-terminal.desktop')]), OrderedDict([('source', 'salt://sift/files/sift/other/gnome-terminal.desktop')]), OrderedDict([('replace', True)]), OrderedDict([('require', [OrderedDict([('file', 'theme-manage-autostart')]), OrderedDict([('user', 'sift-user-sansforensics')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/theme.sls' using 'yaml' renderer: 0.00805497169495 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/timezone.sls' to resolve 'salt://sift/config/timezone.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/timezone.sls' to resolve 'salt://sift/config/timezone.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/timezone.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/timezone.sls' using 'jinja' renderer: 0.00158786773682 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/timezone.sls: Etc/UTC: timezone.system # [DEBUG ] Results of YAML rendering: OrderedDict([('Etc/UTC', 'timezone.system')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/timezone.sls' using 'yaml' renderer: 0.000581026077271 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/folders.sls' to resolve 'salt://sift/config/folders.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/folders.sls' to resolve 'salt://sift/config/folders.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/folders.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/folders.sls' using 'jinja' renderer: 0.00474095344543 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/folders.sls: include: - .user config-folder-cases: file.directory: - name: /cases - user: sansforensics - group: root - makedirs: true - dir_mode: 775 - require: - user: sift-user-sansforensics /mnt/usb: file.directory: - user: root - group: root - makedirs: true /mnt/vss: file.directory: - user: root - group: root - makedirs: true /mnt/shadow: file.directory: - user: root - group: root - makedirs: true /mnt/windows_mount: file.directory: - user: root - group: root - makedirs: true /mnt/e01: file.directory: - user: root - group: root - makedirs: true /mnt/aff: file.directory: - user: root - group: root - makedirs: true /mnt/ewf: file.directory: - user: root - group: root - makedirs: true /mnt/bde: file.directory: - user: root - group: root - makedirs: true /mnt/iscsi: file.directory: - user: root - group: root - makedirs: true /mnt/windows_mount1: file.directory: - user: root - group: root - makedirs: true /mnt/windows_mount2: file.directory: - user: root - group: root - makedirs: true /mnt/windows_mount3: file.directory: - user: root - group: root - makedirs: true /mnt/windows_mount4: file.directory: - user: root - group: root - makedirs: true /mnt/windows_mount5: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss1: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss2: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss3: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss4: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss5: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss6: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss7: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss8: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss9: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss10: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss11: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss12: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss13: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss14: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss15: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss16: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss17: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss18: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss19: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss20: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss21: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss22: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss23: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss24: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss25: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss26: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss27: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss28: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss29: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss30: file.directory: - user: root - group: root - makedirs: true # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['.user']), ('config-folder-cases', OrderedDict([('file.directory', [OrderedDict([('name', '/cases')]), OrderedDict([('user', 'sansforensics')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)]), OrderedDict([('dir_mode', 775)]), OrderedDict([('require', [OrderedDict([('user', 'sift-user-sansforensics')])])])])])), ('/mnt/usb', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/vss', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/windows_mount', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/e01', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/aff', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/ewf', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/bde', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/iscsi', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/windows_mount1', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/windows_mount2', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/windows_mount3', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/windows_mount4', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/windows_mount5', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss1', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss2', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss3', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss4', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss5', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss6', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss7', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss8', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss9', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss10', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss11', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss12', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss13', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss14', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss15', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss16', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss17', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss18', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss19', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss20', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss21', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss22', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss23', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss24', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss25', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss26', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss27', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss28', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss29', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss30', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/folders.sls' using 'yaml' renderer: 0.0685539245605 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/salt-minion.sls' to resolve 'salt://sift/config/salt-minion.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/salt-minion.sls' to resolve 'salt://sift/config/salt-minion.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/salt-minion.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/salt-minion.sls' using 'jinja' renderer: 0.00089693069458 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/salt-minion.sls: salt-minion: service.dead: - name: salt-minion - enable: False # [DEBUG ] Results of YAML rendering: OrderedDict([('salt-minion', OrderedDict([('service.dead', [OrderedDict([('name', 'salt-minion')]), OrderedDict([('enable', False)])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/salt-minion.sls' using 'yaml' renderer: 0.00112199783325 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/samba.sls' to resolve 'salt://sift/config/samba.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/samba.sls' to resolve 'salt://sift/config/samba.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/samba.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/samba.sls' using 'jinja' renderer: 0.00196385383606 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/samba.sls: include: - ..packages.samba sift-samba-global-config: file.managed: - name: /etc/samba/smb.conf - source: salt://sift/files/samba/smb.conf - template: jinja - context: user: sansforensics - require: - pkg: samba samba-service-smbd: service.running: - name: smbd - watch: - file: sift-samba-global-config samba-service-nmbd: service.running: - name: nmbd - watch: - file: sift-samba-global-config # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.samba']), ('sift-samba-global-config', OrderedDict([('file.managed', [OrderedDict([('name', '/etc/samba/smb.conf')]), OrderedDict([('source', 'salt://sift/files/samba/smb.conf')]), OrderedDict([('template', 'jinja')]), OrderedDict([('context', OrderedDict([('user', 'sansforensics')]))]), OrderedDict([('require', [OrderedDict([('pkg', 'samba')])])])])])), ('samba-service-smbd', OrderedDict([('service.running', [OrderedDict([('name', 'smbd')]), OrderedDict([('watch', [OrderedDict([('file', 'sift-samba-global-config')])])])])])), ('samba-service-nmbd', OrderedDict([('service.running', [OrderedDict([('name', 'nmbd')]), OrderedDict([('watch', [OrderedDict([('file', 'sift-samba-global-config')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/samba.sls' using 'yaml' renderer: 0.0042200088501 # [DEBUG ] LazyLoaded pkg.install # [DEBUG ] LazyLoaded pkg.installed # [DEBUG ] Module DSC: Only available on Windows systems # [DEBUG ] Module PSGet: Only available on Windows systems # [DEBUG ] Could not LazyLoad pkg.ex_mod_init: 'pkg.ex_mod_init' is not available. # [INFO ] Running state [python-software-properties] at time 14:41:07.526760 # [INFO ] Executing state pkg.installed for [python-software-properties] # [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/home/sansforensics' # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package python-software-properties is already installed # [INFO ] Completed state [python-software-properties] at time 14:41:08.229230 duration_in_ms=702.47 # [INFO ] Running state [apt-transport-https] at time 14:41:08.229418 # [INFO ] Executing state pkg.installed for [apt-transport-https] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package apt-transport-https is already installed # [INFO ] Completed state [apt-transport-https] at time 14:41:08.234794 duration_in_ms=5.375 # [DEBUG ] LazyLoaded pkgrepo.managed # [INFO ] Running state [deb https://apt.dockerproject.org/repo ubuntu-xenial main] at time 14:41:08.240568 # [INFO ] Executing state pkgrepo.managed for [deb https://apt.dockerproject.org/repo ubuntu-xenial main] # [INFO ] Package repo 'deb https://apt.dockerproject.org/repo ubuntu-xenial main' already configured # [INFO ] Completed state [deb https://apt.dockerproject.org/repo ubuntu-xenial main] at time 14:41:08.288733 duration_in_ms=48.164 # [INFO ] Running state [sift-gift-dev] at time 14:41:08.288910 # [INFO ] Executing state pkgrepo.absent for [sift-gift-dev] # [INFO ] Package repo ppa:gift/dev is absent # [INFO ] Completed state [sift-gift-dev] at time 14:41:08.786580 duration_in_ms=497.669 # [INFO ] Running state [gift] at time 14:41:08.790499 # [INFO ] Executing state pkgrepo.managed for [gift] # [INFO ] Configured package repo 'gift' # [INFO ] Completed state [gift] at time 14:41:10.500027 duration_in_ms=1709.528 # [INFO ] Running state [sift-dev] at time 14:41:10.500209 # [INFO ] Executing state pkgrepo.absent for [sift-dev] # [INFO ] Package repo ppa:sift/dev is absent # [INFO ] Completed state [sift-dev] at time 14:41:10.912651 duration_in_ms=412.442 # [INFO ] Running state [sift-repo] at time 14:41:10.916501 # [INFO ] Executing state pkgrepo.managed for [sift-repo] # [INFO ] Configured package repo 'sift-repo' # [INFO ] Completed state [sift-repo] at time 14:41:12.683770 duration_in_ms=1767.268 # [INFO ] Running state [openjdk-repo] at time 14:41:12.686861 # [INFO ] Executing state pkgrepo.managed for [openjdk-repo] # [INFO ] Configured package repo 'openjdk-repo' # [INFO ] Completed state [openjdk-repo] at time 14:41:14.526978 duration_in_ms=1840.118 # [INFO ] Running state [deb http://archive.ubuntu.com/ubuntu/ xenial multiverse] at time 14:41:14.527194 # [INFO ] Executing state pkgrepo.managed for [deb http://archive.ubuntu.com/ubuntu/ xenial multiverse] # [INFO ] Package repo 'deb http://archive.ubuntu.com/ubuntu/ xenial multiverse' already configured # [INFO ] Completed state [deb http://archive.ubuntu.com/ubuntu/ xenial multiverse] at time 14:41:14.568260 duration_in_ms=41.065 # [INFO ] Running state [deb http://archive.ubuntu.com/ubuntu/ xenial-security multiverse] at time 14:41:14.568457 # [INFO ] Executing state pkgrepo.managed for [deb http://archive.ubuntu.com/ubuntu/ xenial-security multiverse] # [INFO ] Package repo 'deb http://archive.ubuntu.com/ubuntu/ xenial-security multiverse' already configured # [INFO ] Completed state [deb http://archive.ubuntu.com/ubuntu/ xenial-security multiverse] at time 14:41:14.607912 duration_in_ms=39.454 # [INFO ] Running state [deb http://archive.ubuntu.com/ubuntu/ xenial universe] at time 14:41:14.608092 # [INFO ] Executing state pkgrepo.managed for [deb http://archive.ubuntu.com/ubuntu/ xenial universe] # [INFO ] Package repo 'deb http://archive.ubuntu.com/ubuntu/ xenial universe' already configured # [INFO ] Completed state [deb http://archive.ubuntu.com/ubuntu/ xenial universe] at time 14:41:14.647500 duration_in_ms=39.407 # [DEBUG ] LazyLoaded test.nop # [INFO ] Running state [ubuntutweak] at time 14:41:14.648554 # [INFO ] Executing state test.nop for [ubuntutweak] # [INFO ] Success! # [INFO ] Completed state [ubuntutweak] at time 14:41:14.648996 duration_in_ms=0.442 # [INFO ] Running state [sift-repos] at time 14:41:14.658663 # [INFO ] Executing state test.nop for [sift-repos] # [INFO ] Success! # [INFO ] Completed state [sift-repos] at time 14:41:14.659265 duration_in_ms=0.602 # [INFO ] Running state [binplist] at time 14:41:14.659417 # [INFO ] Executing state pkg.removed for [binplist] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] All specified packages are already absent # [INFO ] Completed state [binplist] at time 14:41:14.671760 duration_in_ms=12.343 # [INFO ] Running state [unity-webapps-common] at time 14:41:14.671946 # [INFO ] Executing state pkg.removed for [unity-webapps-common] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] All specified packages are already absent # [INFO ] Completed state [unity-webapps-common] at time 14:41:14.683140 duration_in_ms=11.194 # [INFO ] Running state [aeskeyfind] at time 14:41:14.683353 # [INFO ] Executing state pkg.installed for [aeskeyfind] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package aeskeyfind is already installed # [INFO ] Completed state [aeskeyfind] at time 14:41:14.693531 duration_in_ms=10.178 # [INFO ] Running state [afflib-tools] at time 14:41:14.693754 # [INFO ] Executing state pkg.installed for [afflib-tools] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package afflib-tools is already installed # [INFO ] Completed state [afflib-tools] at time 14:41:14.699892 duration_in_ms=6.138 # [INFO ] Running state [afterglow] at time 14:41:14.700088 # [INFO ] Executing state pkg.installed for [afterglow] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package afterglow is already installed # [INFO ] Completed state [afterglow] at time 14:41:14.705430 duration_in_ms=5.342 # [INFO ] Running state [aircrack-ng] at time 14:41:14.705598 # [INFO ] Executing state pkg.installed for [aircrack-ng] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package aircrack-ng is already installed # [INFO ] Completed state [aircrack-ng] at time 14:41:14.710721 duration_in_ms=5.122 # [INFO ] Running state [apache2] at time 14:41:14.710886 # [INFO ] Executing state pkg.installed for [apache2] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package apache2 is already installed # [INFO ] Completed state [apache2] at time 14:41:14.716279 duration_in_ms=5.393 # [INFO ] Running state [arp-scan] at time 14:41:14.716437 # [INFO ] Executing state pkg.installed for [arp-scan] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package arp-scan is already installed # [INFO ] Completed state [arp-scan] at time 14:41:14.721693 duration_in_ms=5.255 # [INFO ] Running state [autopsy] at time 14:41:14.721831 # [INFO ] Executing state pkg.installed for [autopsy] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package autopsy is already installed # [INFO ] Completed state [autopsy] at time 14:41:14.726686 duration_in_ms=4.855 # [INFO ] Running state [bcrypt] at time 14:41:14.726817 # [INFO ] Executing state pkg.installed for [bcrypt] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package bcrypt is already installed # [INFO ] Completed state [bcrypt] at time 14:41:14.732821 duration_in_ms=6.004 # [INFO ] Running state [bitpim] at time 14:41:14.732981 # [INFO ] Executing state pkg.installed for [bitpim] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package bitpim is already installed # [INFO ] Completed state [bitpim] at time 14:41:14.738927 duration_in_ms=5.945 # [INFO ] Running state [bitpim-lib] at time 14:41:14.739109 # [INFO ] Executing state pkg.installed for [bitpim-lib] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package bitpim-lib is already installed # [INFO ] Completed state [bitpim-lib] at time 14:41:14.745804 duration_in_ms=6.694 # [INFO ] Running state [bkhive] at time 14:41:14.746079 # [INFO ] Executing state pkg.installed for [bkhive] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package bkhive is already installed # [INFO ] Completed state [bkhive] at time 14:41:14.752156 duration_in_ms=6.077 # [INFO ] Running state [bless] at time 14:41:14.752329 # [INFO ] Executing state pkg.installed for [bless] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package bless is already installed # [INFO ] Completed state [bless] at time 14:41:14.757436 duration_in_ms=5.107 # [INFO ] Running state [blt] at time 14:41:14.757610 # [INFO ] Executing state pkg.installed for [blt] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package blt is already installed # [INFO ] Completed state [blt] at time 14:41:14.762856 duration_in_ms=5.244 # [INFO ] Running state [build-essential] at time 14:41:14.763138 # [INFO ] Executing state pkg.installed for [build-essential] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package build-essential is already installed # [INFO ] Completed state [build-essential] at time 14:41:14.769890 duration_in_ms=6.752 # [INFO ] Running state [bulk-extractor] at time 14:41:14.774276 # [INFO ] Executing state pkg.installed for [bulk-extractor] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package bulk-extractor is already installed # [INFO ] Completed state [bulk-extractor] at time 14:41:14.780326 duration_in_ms=6.05 # [INFO ] Running state [cabextract] at time 14:41:14.780547 # [INFO ] Executing state pkg.installed for [cabextract] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package cabextract is already installed # [INFO ] Completed state [cabextract] at time 14:41:14.786878 duration_in_ms=6.331 # [INFO ] Running state [ccrypt] at time 14:41:14.787068 # [INFO ] Executing state pkg.installed for [ccrypt] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package ccrypt is already installed # [INFO ] Completed state [ccrypt] at time 14:41:14.792407 duration_in_ms=5.339 # [INFO ] Running state [cifs-utils] at time 14:41:14.792596 # [INFO ] Executing state pkg.installed for [cifs-utils] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package cifs-utils is already installed # [INFO ] Completed state [cifs-utils] at time 14:41:14.798443 duration_in_ms=5.847 # [INFO ] Running state [clamav] at time 14:41:14.798630 # [INFO ] Executing state pkg.installed for [clamav] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package clamav is already installed # [INFO ] Completed state [clamav] at time 14:41:14.803891 duration_in_ms=5.261 # [INFO ] Running state [cmospwd] at time 14:41:14.804059 # [INFO ] Executing state pkg.installed for [cmospwd] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package cmospwd is already installed # [INFO ] Completed state [cmospwd] at time 14:41:14.808942 duration_in_ms=4.883 # [INFO ] Running state [cryptcat] at time 14:41:14.809080 # [INFO ] Executing state pkg.installed for [cryptcat] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package cryptcat is already installed # [INFO ] Completed state [cryptcat] at time 14:41:14.814646 duration_in_ms=5.565 # [INFO ] Running state [cryptsetup] at time 14:41:14.814842 # [INFO ] Executing state pkg.installed for [cryptsetup] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package cryptsetup is already installed # [INFO ] Completed state [cryptsetup] at time 14:41:14.820485 duration_in_ms=5.643 # [INFO ] Running state [curl] at time 14:41:14.820647 # [INFO ] Executing state pkg.installed for [curl] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package curl is already installed # [INFO ] Completed state [curl] at time 14:41:14.827381 duration_in_ms=6.733 # [INFO ] Running state [dc3dd] at time 14:41:14.827568 # [INFO ] Executing state pkg.installed for [dc3dd] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package dc3dd is already installed # [INFO ] Completed state [dc3dd] at time 14:41:14.833179 duration_in_ms=5.611 # [INFO ] Running state [dcfldd] at time 14:41:14.833346 # [INFO ] Executing state pkg.installed for [dcfldd] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package dcfldd is already installed # [INFO ] Completed state [dcfldd] at time 14:41:14.838462 duration_in_ms=5.115 # [INFO ] Running state [dconf-tools] at time 14:41:14.838635 # [INFO ] Executing state pkg.installed for [dconf-tools] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package dconf-tools is already installed # [INFO ] Completed state [dconf-tools] at time 14:41:14.843931 duration_in_ms=5.296 # [INFO ] Running state [docker-engine] at time 14:41:14.846244 # [INFO ] Executing state pkg.installed for [docker-engine] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package docker-engine is already installed # [INFO ] Completed state [docker-engine] at time 14:41:14.851384 duration_in_ms=5.139 # [INFO ] Running state [driftnet] at time 14:41:14.851544 # [INFO ] Executing state pkg.installed for [driftnet] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package driftnet is already installed # [INFO ] Completed state [driftnet] at time 14:41:14.857067 duration_in_ms=5.523 # [INFO ] Running state [dsniff] at time 14:41:14.857236 # [INFO ] Executing state pkg.installed for [dsniff] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package dsniff is already installed # [INFO ] Completed state [dsniff] at time 14:41:14.864010 duration_in_ms=6.773 # [INFO ] Running state [dumbpig] at time 14:41:14.864311 # [INFO ] Executing state pkg.installed for [dumbpig] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package dumbpig is already installed # [INFO ] Completed state [dumbpig] at time 14:41:14.870028 duration_in_ms=5.716 # [INFO ] Running state [e2fslibs-dev] at time 14:41:14.870194 # [INFO ] Executing state pkg.installed for [e2fslibs-dev] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package e2fslibs-dev is already installed # [INFO ] Completed state [e2fslibs-dev] at time 14:41:14.875519 duration_in_ms=5.324 # [INFO ] Running state [ent] at time 14:41:14.875665 # [INFO ] Executing state pkg.installed for [ent] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package ent is already installed # [INFO ] Completed state [ent] at time 14:41:14.880915 duration_in_ms=5.249 # [INFO ] Running state [epic5] at time 14:41:14.881073 # [INFO ] Executing state pkg.installed for [epic5] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package epic5 is already installed # [INFO ] Completed state [epic5] at time 14:41:14.886281 duration_in_ms=5.208 # [INFO ] Running state [etherape] at time 14:41:14.886431 # [INFO ] Executing state pkg.installed for [etherape] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package etherape is already installed # [INFO ] Completed state [etherape] at time 14:41:14.892373 duration_in_ms=5.942 # [INFO ] Running state [ettercap-graphical] at time 14:41:14.892522 # [INFO ] Executing state pkg.installed for [ettercap-graphical] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package ettercap-graphical is already installed # [INFO ] Completed state [ettercap-graphical] at time 14:41:14.897501 duration_in_ms=4.979 # [INFO ] Running state [exfat-fuse] at time 14:41:14.897669 # [INFO ] Executing state pkg.installed for [exfat-fuse] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package exfat-fuse is already installed # [INFO ] Completed state [exfat-fuse] at time 14:41:14.903745 duration_in_ms=6.075 # [INFO ] Running state [exfat-utils] at time 14:41:14.903947 # [INFO ] Executing state pkg.installed for [exfat-utils] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package exfat-utils is already installed # [INFO ] Completed state [exfat-utils] at time 14:41:14.909368 duration_in_ms=5.42 # [INFO ] Running state [exif] at time 14:41:14.909533 # [INFO ] Executing state pkg.installed for [exif] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package exif is already installed # [INFO ] Completed state [exif] at time 14:41:14.916002 duration_in_ms=6.467 # [INFO ] Running state [extundelete] at time 14:41:14.916165 # [INFO ] Executing state pkg.installed for [extundelete] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package extundelete is already installed # [INFO ] Completed state [extundelete] at time 14:41:14.921648 duration_in_ms=5.483 # [INFO ] Running state [fdupes] at time 14:41:14.921832 # [INFO ] Executing state pkg.installed for [fdupes] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package fdupes is already installed # [INFO ] Completed state [fdupes] at time 14:41:14.926942 duration_in_ms=5.109 # [INFO ] Running state [feh] at time 14:41:14.927088 # [INFO ] Executing state pkg.installed for [feh] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package feh is already installed # [INFO ] Completed state [feh] at time 14:41:14.932315 duration_in_ms=5.227 # [INFO ] Running state [flasm] at time 14:41:14.932460 # [INFO ] Executing state pkg.installed for [flasm] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package flasm is already installed # [INFO ] Completed state [flasm] at time 14:41:14.937454 duration_in_ms=4.994 # [INFO ] Running state [flex] at time 14:41:14.937587 # [INFO ] Executing state pkg.installed for [flex] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package flex is already installed # [INFO ] Completed state [flex] at time 14:41:14.942668 duration_in_ms=5.081 # [INFO ] Running state [foremost] at time 14:41:14.942813 # [INFO ] Executing state pkg.installed for [foremost] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package foremost is already installed # [INFO ] Completed state [foremost] at time 14:41:14.948714 duration_in_ms=5.9 # [INFO ] Running state [g++] at time 14:41:14.948894 # [INFO ] Executing state pkg.installed for [g++] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package g++ is already installed # [INFO ] Completed state [g++] at time 14:41:14.954174 duration_in_ms=5.279 # [INFO ] Running state [gawk] at time 14:41:14.954349 # [INFO ] Executing state pkg.installed for [gawk] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package gawk is already installed # [INFO ] Completed state [gawk] at time 14:41:14.960038 duration_in_ms=5.688 # [INFO ] Running state [gcc] at time 14:41:14.960190 # [INFO ] Executing state pkg.installed for [gcc] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package gcc is already installed # [INFO ] Completed state [gcc] at time 14:41:14.967017 duration_in_ms=6.827 # [INFO ] Running state [gdb] at time 14:41:14.967176 # [INFO ] Executing state pkg.installed for [gdb] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package gdb is already installed # [INFO ] Completed state [gdb] at time 14:41:14.972465 duration_in_ms=5.288 # [INFO ] Running state [gddrescue] at time 14:41:14.972603 # [INFO ] Executing state pkg.installed for [gddrescue] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package gddrescue is already installed # [INFO ] Completed state [gddrescue] at time 14:41:14.977756 duration_in_ms=5.153 # [INFO ] Running state [ghex] at time 14:41:14.977898 # [INFO ] Executing state pkg.installed for [ghex] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package ghex is already installed # [INFO ] Completed state [ghex] at time 14:41:14.982951 duration_in_ms=5.051 # [INFO ] Running state [git] at time 14:41:14.983102 # [INFO ] Executing state pkg.installed for [git] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package git is already installed # [INFO ] Completed state [git] at time 14:41:14.988639 duration_in_ms=5.536 # [INFO ] Running state [graphviz] at time 14:41:14.988830 # [INFO ] Executing state pkg.installed for [graphviz] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package graphviz is already installed # [INFO ] Completed state [graphviz] at time 14:41:14.994262 duration_in_ms=5.431 # [INFO ] Running state [gthumb] at time 14:41:14.994554 # [INFO ] Executing state pkg.installed for [gthumb] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package gthumb is already installed # [INFO ] Completed state [gthumb] at time 14:41:15.000377 duration_in_ms=5.823 # [INFO ] Running state [gzrt] at time 14:41:15.000543 # [INFO ] Executing state pkg.installed for [gzrt] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package gzrt is already installed # [INFO ] Completed state [gzrt] at time 14:41:15.006673 duration_in_ms=6.129 # [INFO ] Running state [hexedit] at time 14:41:15.006837 # [INFO ] Executing state pkg.installed for [hexedit] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package hexedit is already installed # [INFO ] Completed state [hexedit] at time 14:41:15.011908 duration_in_ms=5.071 # [INFO ] Running state [htop] at time 14:41:15.012056 # [INFO ] Executing state pkg.installed for [htop] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package htop is already installed # [INFO ] Completed state [htop] at time 14:41:15.017628 duration_in_ms=5.571 # [INFO ] Running state [hydra] at time 14:41:15.017794 # [INFO ] Executing state pkg.installed for [hydra] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package hydra is already installed # [INFO ] Completed state [hydra] at time 14:41:15.022805 duration_in_ms=5.01 # [INFO ] Running state [hydra-gtk] at time 14:41:15.022944 # [INFO ] Executing state pkg.installed for [hydra-gtk] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package hydra-gtk is already installed # [INFO ] Completed state [hydra-gtk] at time 14:41:15.028213 duration_in_ms=5.268 # [INFO ] Running state [ipython] at time 14:41:15.028354 # [INFO ] Executing state pkg.installed for [ipython] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package ipython is already installed # [INFO ] Completed state [ipython] at time 14:41:15.034361 duration_in_ms=6.007 # [INFO ] Running state [jq] at time 14:41:15.034535 # [INFO ] Executing state pkg.installed for [jq] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package jq is already installed # [INFO ] Completed state [jq] at time 14:41:15.039961 duration_in_ms=5.424 # [INFO ] Running state [kdiff3] at time 14:41:15.040141 # [INFO ] Executing state pkg.installed for [kdiff3] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package kdiff3 is already installed # [INFO ] Completed state [kdiff3] at time 14:41:15.046008 duration_in_ms=5.867 # [INFO ] Running state [knocker] at time 14:41:15.046186 # [INFO ] Executing state pkg.installed for [knocker] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package knocker is already installed # [INFO ] Completed state [knocker] at time 14:41:15.051299 duration_in_ms=5.112 # [INFO ] Running state [kpartx] at time 14:41:15.051446 # [INFO ] Executing state pkg.installed for [kpartx] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package kpartx is already installed # [INFO ] Completed state [kpartx] at time 14:41:15.056722 duration_in_ms=5.275 # [INFO ] Running state [lft] at time 14:41:15.056885 # [INFO ] Executing state pkg.installed for [lft] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package lft is already installed # [INFO ] Completed state [lft] at time 14:41:15.062055 duration_in_ms=5.17 # [INFO ] Running state [libafflib-dev] at time 14:41:15.062209 # [INFO ] Executing state pkg.installed for [libafflib-dev] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libafflib-dev is already installed # [INFO ] Completed state [libafflib-dev] at time 14:41:15.067168 duration_in_ms=4.959 # [INFO ] Running state [libafflib0v5] at time 14:41:15.067309 # [INFO ] Executing state pkg.installed for [libafflib0v5] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libafflib0v5 is already installed # [INFO ] Completed state [libafflib0v5] at time 14:41:15.072863 duration_in_ms=5.553 # [INFO ] Running state [libbde] at time 14:41:15.073033 # [INFO ] Executing state pkg.installed for [libbde] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libbde is already installed # [INFO ] Completed state [libbde] at time 14:41:15.078791 duration_in_ms=5.757 # [INFO ] Running state [libbde-tools] at time 14:41:15.079019 # [INFO ] Executing state pkg.installed for [libbde-tools] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libbde-tools is already installed # [INFO ] Completed state [libbde-tools] at time 14:41:15.085553 duration_in_ms=6.534 # [INFO ] Running state [libesedb] at time 14:41:15.085749 # [INFO ] Executing state pkg.installed for [libesedb] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libesedb is already installed # [INFO ] Completed state [libesedb] at time 14:41:15.091060 duration_in_ms=5.31 # [INFO ] Running state [libesedb-tools] at time 14:41:15.091224 # [INFO ] Executing state pkg.installed for [libesedb-tools] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libesedb-tools is already installed # [INFO ] Completed state [libesedb-tools] at time 14:41:15.096627 duration_in_ms=5.402 # [INFO ] Running state [libevt] at time 14:41:15.096795 # [INFO ] Executing state pkg.installed for [libevt] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libevt is already installed # [INFO ] Completed state [libevt] at time 14:41:15.101980 duration_in_ms=5.185 # [INFO ] Running state [libevt-tools] at time 14:41:15.102127 # [INFO ] Executing state pkg.installed for [libevt-tools] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libevt-tools is already installed # [INFO ] Completed state [libevt-tools] at time 14:41:15.107267 duration_in_ms=5.14 # [INFO ] Running state [libevtx] at time 14:41:15.107398 # [INFO ] Executing state pkg.installed for [libevtx] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libevtx is already installed # [INFO ] Completed state [libevtx] at time 14:41:15.112344 duration_in_ms=4.946 # [INFO ] Running state [libevtx-tools] at time 14:41:15.112484 # [INFO ] Executing state pkg.installed for [libevtx-tools] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libevtx-tools is already installed # [INFO ] Completed state [libevtx-tools] at time 14:41:15.119311 duration_in_ms=6.827 # [INFO ] Running state [libewf] at time 14:41:15.119486 # [INFO ] Executing state pkg.installed for [libewf] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libewf is already installed # [INFO ] Completed state [libewf] at time 14:41:15.125091 duration_in_ms=5.603 # [INFO ] Running state [libewf-dev] at time 14:41:15.125273 # [INFO ] Executing state pkg.installed for [libewf-dev] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libewf-dev is already installed # [INFO ] Completed state [libewf-dev] at time 14:41:15.131213 duration_in_ms=5.939 # [INFO ] Running state [libewf-python] at time 14:41:15.131370 # [INFO ] Executing state pkg.installed for [libewf-python] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libewf-python is already installed # [INFO ] Completed state [libewf-python] at time 14:41:15.136888 duration_in_ms=5.518 # [INFO ] Running state [libewf-tools] at time 14:41:15.137054 # [INFO ] Executing state pkg.installed for [libewf-tools] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libewf-tools is already installed # [INFO ] Completed state [libewf-tools] at time 14:41:15.141962 duration_in_ms=4.908 # [INFO ] Running state [libffi-dev] at time 14:41:15.142110 # [INFO ] Executing state pkg.installed for [libffi-dev] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libffi-dev is already installed # [INFO ] Completed state [libffi-dev] at time 14:41:15.147285 duration_in_ms=5.174 # [INFO ] Running state [libfuse-dev] at time 14:41:15.147432 # [INFO ] Executing state pkg.installed for [libfuse-dev] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libfuse-dev is already installed # [INFO ] Completed state [libfuse-dev] at time 14:41:15.152341 duration_in_ms=4.909 # [INFO ] Running state [libfvde] at time 14:41:15.154644 # [INFO ] Executing state pkg.installed for [libfvde] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libfvde is already installed # [INFO ] Completed state [libfvde] at time 14:41:15.160924 duration_in_ms=6.279 # [INFO ] Running state [libfvde-tools] at time 14:41:15.161118 # [INFO ] Executing state pkg.installed for [libfvde-tools] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libfvde-tools is already installed # [INFO ] Completed state [libfvde-tools] at time 14:41:15.167698 duration_in_ms=6.58 # [INFO ] Running state [liblightgrep] at time 14:41:15.167871 # [INFO ] Executing state pkg.installed for [liblightgrep] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package liblightgrep is already installed # [INFO ] Completed state [liblightgrep] at time 14:41:15.173172 duration_in_ms=5.3 # [INFO ] Running state [libmsiecf] at time 14:41:15.173330 # [INFO ] Executing state pkg.installed for [libmsiecf] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libmsiecf is already installed # [INFO ] Completed state [libmsiecf] at time 14:41:15.178767 duration_in_ms=5.436 # [INFO ] Running state [libncurses5-dev] at time 14:41:15.178925 # [INFO ] Executing state pkg.installed for [libncurses5-dev] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libncurses5-dev is already installed # [INFO ] Completed state [libncurses5-dev] at time 14:41:15.184006 duration_in_ms=5.081 # [INFO ] Running state [libnet1] at time 14:41:15.184169 # [INFO ] Executing state pkg.installed for [libnet1] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libnet1 is already installed # [INFO ] Completed state [libnet1] at time 14:41:15.189217 duration_in_ms=5.048 # [INFO ] Running state [libolecf] at time 14:41:15.189345 # [INFO ] Executing state pkg.installed for [libolecf] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libolecf is already installed # [INFO ] Completed state [libolecf] at time 14:41:15.194519 duration_in_ms=5.174 # [INFO ] Running state [libparse-win32registry-perl] at time 14:41:15.194672 # [INFO ] Executing state pkg.installed for [libparse-win32registry-perl] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libparse-win32registry-perl is already installed # [INFO ] Completed state [libparse-win32registry-perl] at time 14:41:15.200068 duration_in_ms=5.394 # [INFO ] Running state [libpff] at time 14:41:15.200241 # [INFO ] Executing state pkg.installed for [libpff] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libpff is already installed # [INFO ] Completed state [libpff] at time 14:41:15.205910 duration_in_ms=5.668 # [INFO ] Running state [libpff-dev] at time 14:41:15.206130 # [INFO ] Executing state pkg.installed for [libpff-dev] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libpff-dev is already installed # [INFO ] Completed state [libpff-dev] at time 14:41:15.212110 duration_in_ms=5.978 # [INFO ] Running state [libpff-python] at time 14:41:15.212357 # [INFO ] Executing state pkg.installed for [libpff-python] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libpff-python is already installed # [INFO ] Completed state [libpff-python] at time 14:41:15.217951 duration_in_ms=5.594 # [INFO ] Running state [libpff-tools] at time 14:41:15.218117 # [INFO ] Executing state pkg.installed for [libpff-tools] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libpff-tools is already installed # [INFO ] Completed state [libpff-tools] at time 14:41:15.223417 duration_in_ms=5.298 # [INFO ] Running state [libplist-utils] at time 14:41:15.223573 # [INFO ] Executing state pkg.installed for [libplist-utils] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libplist-utils is already installed # [INFO ] Completed state [libplist-utils] at time 14:41:15.228526 duration_in_ms=4.952 # [INFO ] Running state [libregf] at time 14:41:15.228672 # [INFO ] Executing state pkg.installed for [libregf] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libregf is already installed # [INFO ] Completed state [libregf] at time 14:41:15.234859 duration_in_ms=6.187 # [INFO ] Running state [libregf-dev] at time 14:41:15.235025 # [INFO ] Executing state pkg.installed for [libregf-dev] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libregf-dev is already installed # [INFO ] Completed state [libregf-dev] at time 14:41:15.240495 duration_in_ms=5.468 # [INFO ] Running state [libregf-python] at time 14:41:15.240660 # [INFO ] Executing state pkg.installed for [libregf-python] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libregf-python is already installed # [INFO ] Completed state [libregf-python] at time 14:41:15.247373 duration_in_ms=6.712 # [INFO ] Running state [libregf-tools] at time 14:41:15.247588 # [INFO ] Executing state pkg.installed for [libregf-tools] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libregf-tools is already installed # [INFO ] Completed state [libregf-tools] at time 14:41:15.253475 duration_in_ms=5.886 # [INFO ] Running state [libssl-dev] at time 14:41:15.253656 # [INFO ] Executing state pkg.installed for [libssl-dev] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libssl-dev is already installed # [INFO ] Completed state [libssl-dev] at time 14:41:15.258704 duration_in_ms=5.048 # [INFO ] Running state [libtext-csv-perl] at time 14:41:15.258837 # [INFO ] Executing state pkg.installed for [libtext-csv-perl] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libtext-csv-perl is already installed # [INFO ] Completed state [libtext-csv-perl] at time 14:41:15.264428 duration_in_ms=5.59 # [INFO ] Running state [libvmdk] at time 14:41:15.264610 # [INFO ] Executing state pkg.installed for [libvmdk] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libvmdk is already installed # [INFO ] Completed state [libvmdk] at time 14:41:15.269851 duration_in_ms=5.241 # [INFO ] Running state [libvshadow] at time 14:41:15.270000 # [INFO ] Executing state pkg.installed for [libvshadow] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libvshadow is already installed # [INFO ] Completed state [libvshadow] at time 14:41:15.274778 duration_in_ms=4.778 # [INFO ] Running state [libvshadow-dev] at time 14:41:15.274921 # [INFO ] Executing state pkg.installed for [libvshadow-dev] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libvshadow-dev is already installed # [INFO ] Completed state [libvshadow-dev] at time 14:41:15.280110 duration_in_ms=5.187 # [INFO ] Running state [libvshadow-python] at time 14:41:15.280254 # [INFO ] Executing state pkg.installed for [libvshadow-python] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libvshadow-python is already installed # [INFO ] Completed state [libvshadow-python] at time 14:41:15.285628 duration_in_ms=5.374 # [INFO ] Running state [libvshadow-tools] at time 14:41:15.285792 # [INFO ] Executing state pkg.installed for [libvshadow-tools] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libvshadow-tools is already installed # [INFO ] Completed state [libvshadow-tools] at time 14:41:15.291535 duration_in_ms=5.743 # [INFO ] Running state [libxml2-dev] at time 14:41:15.291702 # [INFO ] Executing state pkg.installed for [libxml2-dev] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libxml2-dev is already installed # [INFO ] Completed state [libxml2-dev] at time 14:41:15.297755 duration_in_ms=6.052 # [INFO ] Running state [libxslt-dev] at time 14:41:15.297946 # [INFO ] Executing state pkg.installed for [libxslt-dev] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libxslt-dev is already installed # [INFO ] Completed state [libxslt-dev] at time 14:41:15.302958 duration_in_ms=5.01 # [INFO ] Running state [md5deep] at time 14:41:15.303105 # [INFO ] Executing state pkg.installed for [md5deep] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package md5deep is already installed # [INFO ] Completed state [md5deep] at time 14:41:15.308662 duration_in_ms=5.556 # [INFO ] Running state [nbd-client] at time 14:41:15.308848 # [INFO ] Executing state pkg.installed for [nbd-client] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package nbd-client is already installed # [INFO ] Completed state [nbd-client] at time 14:41:15.314321 duration_in_ms=5.471 # [INFO ] Running state [nbtscan] at time 14:41:15.314500 # [INFO ] Executing state pkg.installed for [nbtscan] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package nbtscan is already installed # [INFO ] Completed state [nbtscan] at time 14:41:15.319400 duration_in_ms=4.899 # [INFO ] Running state [netcat] at time 14:41:15.319529 # [INFO ] Executing state pkg.installed for [netcat] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package netcat is already installed # [INFO ] Completed state [netcat] at time 14:41:15.326064 duration_in_ms=6.534 # [INFO ] Running state [netpbm] at time 14:41:15.326375 # [INFO ] Executing state pkg.installed for [netpbm] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package netpbm is already installed # [INFO ] Completed state [netpbm] at time 14:41:15.335536 duration_in_ms=9.16 # [INFO ] Running state [netsed] at time 14:41:15.335805 # [INFO ] Executing state pkg.installed for [netsed] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package netsed is already installed # [INFO ] Completed state [netsed] at time 14:41:15.342630 duration_in_ms=6.825 # [INFO ] Running state [netwox] at time 14:41:15.342900 # [INFO ] Executing state pkg.installed for [netwox] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package netwox is already installed # [INFO ] Completed state [netwox] at time 14:41:15.350678 duration_in_ms=7.777 # [INFO ] Running state [nfdump] at time 14:41:15.350873 # [INFO ] Executing state pkg.installed for [nfdump] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package nfdump is already installed # [INFO ] Completed state [nfdump] at time 14:41:15.355802 duration_in_ms=4.928 # [INFO ] Running state [ngrep] at time 14:41:15.355930 # [INFO ] Executing state pkg.installed for [ngrep] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package ngrep is already installed # [INFO ] Completed state [ngrep] at time 14:41:15.427153 duration_in_ms=71.223 # [INFO ] Running state [nikto] at time 14:41:15.428676 # [INFO ] Executing state pkg.installed for [nikto] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package nikto is already installed # [INFO ] Completed state [nikto] at time 14:41:15.434277 duration_in_ms=5.602 # [INFO ] Running state [okular] at time 14:41:15.434422 # [INFO ] Executing state pkg.installed for [okular] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package okular is already installed # [INFO ] Completed state [okular] at time 14:41:15.439387 duration_in_ms=4.964 # [INFO ] Running state [open-iscsi] at time 14:41:15.439516 # [INFO ] Executing state pkg.installed for [open-iscsi] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package open-iscsi is already installed # [INFO ] Completed state [open-iscsi] at time 14:41:15.446545 duration_in_ms=7.027 # [INFO ] Running state [openjdk-7-jdk] at time 14:41:15.448789 # [INFO ] Executing state pkg.installed for [openjdk-7-jdk] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package openjdk-7-jdk is already installed # [INFO ] Completed state [openjdk-7-jdk] at time 14:41:15.453902 duration_in_ms=5.112 # [INFO ] Running state [ophcrack] at time 14:41:15.454032 # [INFO ] Executing state pkg.installed for [ophcrack] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package ophcrack is already installed # [INFO ] Completed state [ophcrack] at time 14:41:15.459662 duration_in_ms=5.629 # [INFO ] Running state [ophcrack-cli] at time 14:41:15.459845 # [INFO ] Executing state pkg.installed for [ophcrack-cli] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package ophcrack-cli is already installed # [INFO ] Completed state [ophcrack-cli] at time 14:41:15.465782 duration_in_ms=5.936 # [INFO ] Running state [outguess] at time 14:41:15.465966 # [INFO ] Executing state pkg.installed for [outguess] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package outguess is already installed # [INFO ] Completed state [outguess] at time 14:41:15.471410 duration_in_ms=5.444 # [INFO ] Running state [p0f] at time 14:41:15.471571 # [INFO ] Executing state pkg.installed for [p0f] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package p0f is already installed # [INFO ] Completed state [p0f] at time 14:41:15.477361 duration_in_ms=5.79 # [INFO ] Running state [p7zip-full] at time 14:41:15.477522 # [INFO ] Executing state pkg.installed for [p7zip-full] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package p7zip-full is already installed # [INFO ] Completed state [p7zip-full] at time 14:41:15.483182 duration_in_ms=5.659 # [INFO ] Running state [pdftk] at time 14:41:15.483351 # [INFO ] Executing state pkg.installed for [pdftk] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package pdftk is already installed # [INFO ] Completed state [pdftk] at time 14:41:15.488404 duration_in_ms=5.053 # [INFO ] Running state [perl] at time 14:41:15.488559 # [INFO ] Executing state pkg.installed for [perl] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package perl is already installed # [INFO ] Completed state [perl] at time 14:41:15.493834 duration_in_ms=5.275 # [DEBUG ] LazyLoaded cmd.wait # [INFO ] Running state [perl -MCPAN -e 'my $c = "CPAN::HandleConfig"; $c->load(doit => 1, autoconfig => 1); $c->edit(prerequisites_policy => "follow"); $c->edit(build_requires_install_policy => "yes"); $c->commit'] at time 14:41:15.496921 # [INFO ] Executing state cmd.wait for [perl -MCPAN -e 'my $c = "CPAN::HandleConfig"; $c->load(doit => 1, autoconfig => 1); $c->edit(prerequisites_policy => "follow"); $c->edit(build_requires_install_policy => "yes"); $c->commit'] # [INFO ] No changes made for perl -MCPAN -e 'my $c = "CPAN::HandleConfig"; $c->load(doit => 1, autoconfig => 1); $c->edit(prerequisites_policy => "follow"); $c->edit(build_requires_install_policy => "yes"); $c->commit' # [INFO ] Completed state [perl -MCPAN -e 'my $c = "CPAN::HandleConfig"; $c->load(doit => 1, autoconfig => 1); $c->edit(prerequisites_policy => "follow"); $c->edit(build_requires_install_policy => "yes"); $c->commit'] at time 14:41:15.497551 duration_in_ms=0.63 # [INFO ] Running state [pev] at time 14:41:15.497728 # [INFO ] Executing state pkg.installed for [pev] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package pev is already installed # [INFO ] Completed state [pev] at time 14:41:15.504471 duration_in_ms=6.743 # [INFO ] Running state [phonon] at time 14:41:15.504697 # [INFO ] Executing state pkg.installed for [phonon] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package phonon is already installed # [INFO ] Completed state [phonon] at time 14:41:15.511098 duration_in_ms=6.4 # [INFO ] Running state [pkg-config] at time 14:41:15.511362 # [INFO ] Executing state pkg.installed for [pkg-config] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package pkg-config is already installed # [INFO ] Completed state [pkg-config] at time 14:41:15.521029 duration_in_ms=9.666 # [DEBUG ] LazyLoaded file.managed # [INFO ] Running state [/var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb] at time 14:41:15.522603 # [INFO ] Executing state file.managed for [/var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb] # [DEBUG ] LazyLoaded roots.envs # [DEBUG ] Could not LazyLoad roots.init: 'roots.init' is not available. # [DEBUG ] Requesting URL https://github.com/Powershell/Powershell/releases/download/v6.0.0-alpha.13/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb using GET method # [INFO ] File /var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb is in the correct state # [INFO ] Completed state [/var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb] at time 14:41:40.674042 duration_in_ms=25151.438 # [INFO ] Running state [sift-powershell] at time 14:41:40.676596 # [INFO ] Executing state pkg.installed for [sift-powershell] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Executing command ['dpkg', '-I', '/var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb'] in directory '/home/sansforensics' # [INFO ] All specified packages are already installed # [INFO ] Completed state [sift-powershell] at time 14:41:40.771117 duration_in_ms=94.521 # [INFO ] Running state [pv] at time 14:41:40.771337 # [INFO ] Executing state pkg.installed for [pv] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package pv is already installed # [INFO ] Completed state [pv] at time 14:41:40.777942 duration_in_ms=6.604 # [INFO ] Running state [pyew] at time 14:41:40.778109 # [INFO ] Executing state pkg.installed for [pyew] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package pyew is already installed # [INFO ] Completed state [pyew] at time 14:41:40.783374 duration_in_ms=5.264 # [INFO ] Running state [python] at time 14:41:40.783536 # [INFO ] Executing state pkg.installed for [python] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package python is already installed # [INFO ] Completed state [python] at time 14:41:40.790126 duration_in_ms=6.59 # [INFO ] Running state [python-dev] at time 14:41:40.790290 # [INFO ] Executing state pkg.installed for [python-dev] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package python-dev is already installed # [INFO ] Completed state [python-dev] at time 14:41:40.796319 duration_in_ms=6.029 # [INFO ] Running state [python-dfvfs] at time 14:41:40.803812 # [INFO ] Executing state pkg.installed for [python-dfvfs] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Executing command ['dpkg', '--get-selections', 'python-dfvfs'] in directory '/home/sansforensics' # [INFO ] Version 20160108-1ppa1~xenial of package 'python-dfvfs' is already installed. Package python-dfvfs is already set to be held. # [INFO ] Completed state [python-dfvfs] at time 14:41:40.954177 duration_in_ms=150.366 # [INFO ] Running state [python-flowgrep] at time 14:41:40.954433 # [INFO ] Executing state pkg.installed for [python-flowgrep] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package python-flowgrep is already installed # [INFO ] Completed state [python-flowgrep] at time 14:41:40.960924 duration_in_ms=6.491 # [INFO ] Running state [python-fuse] at time 14:41:40.961080 # [INFO ] Executing state pkg.installed for [python-fuse] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package python-fuse is already installed # [INFO ] Completed state [python-fuse] at time 14:41:40.970088 duration_in_ms=9.008 # [INFO ] Running state [python-nids] at time 14:41:40.970255 # [INFO ] Executing state pkg.installed for [python-nids] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package python-nids is already installed # [INFO ] Completed state [python-nids] at time 14:41:40.976175 duration_in_ms=5.919 # [INFO ] Running state [python-ntdsxtract] at time 14:41:40.976322 # [INFO ] Executing state pkg.installed for [python-ntdsxtract] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package python-ntdsxtract is already installed # [INFO ] Completed state [python-ntdsxtract] at time 14:41:40.983328 duration_in_ms=7.006 # [INFO ] Running state [python-pefile] at time 14:41:40.983620 # [INFO ] Executing state pkg.installed for [python-pefile] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package python-pefile is already installed # [INFO ] Completed state [python-pefile] at time 14:41:40.989838 duration_in_ms=6.217 # [INFO ] Running state [python-pip] at time 14:41:40.990079 # [INFO ] Executing state pkg.installed for [python-pip] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package python-pip is already installed # [INFO ] Completed state [python-pip] at time 14:41:40.996703 duration_in_ms=6.623 # [INFO ] Running state [python3-xlsxwriter] at time 14:41:40.996914 # [INFO ] Executing state pkg.removed for [python3-xlsxwriter] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] All specified packages are already absent # [INFO ] Completed state [python3-xlsxwriter] at time 14:41:41.007917 duration_in_ms=11.002 # [INFO ] Running state [python-xlsxwriter] at time 14:41:41.008184 # [INFO ] Executing state pkg.installed for [python-xlsxwriter] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package python-xlsxwriter is already installed # [INFO ] Completed state [python-xlsxwriter] at time 14:41:41.013913 duration_in_ms=5.729 # [INFO ] Running state [python-plaso] at time 14:41:41.021098 # [INFO ] Executing state pkg.installed for [python-plaso] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Executing command ['dpkg', '--get-selections', 'python-plaso'] in directory '/home/sansforensics' # [INFO ] Version 1.4.0-1ppa3~xenial of package 'python-plaso' is already installed. Package python-plaso is already set to be held. # [INFO ] Completed state [python-plaso] at time 14:41:41.144766 duration_in_ms=123.669 # [INFO ] Running state [pytsk3] at time 14:41:41.145014 # [INFO ] Executing state pkg.removed for [pytsk3] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] All specified packages are already absent # [INFO ] Completed state [pytsk3] at time 14:41:41.155859 duration_in_ms=10.844 # [INFO ] Running state [python-pytsk3] at time 14:41:41.156068 # [INFO ] Executing state pkg.installed for [python-pytsk3] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package python-pytsk3 is already installed # [INFO ] Completed state [python-pytsk3] at time 14:41:41.162328 duration_in_ms=6.258 # [INFO ] Running state [python-qt4] at time 14:41:41.162503 # [INFO ] Executing state pkg.installed for [python-qt4] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package python-qt4 is already installed # [INFO ] Completed state [python-qt4] at time 14:41:41.170267 duration_in_ms=7.764 # [INFO ] Running state [python-tk] at time 14:41:41.170567 # [INFO ] Executing state pkg.installed for [python-tk] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package python-tk is already installed # [INFO ] Completed state [python-tk] at time 14:41:41.175888 duration_in_ms=5.321 # [INFO ] Running state [python-virtualenv] at time 14:41:41.176136 # [INFO ] Executing state pkg.installed for [python-virtualenv] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package python-virtualenv is already installed # [INFO ] Completed state [python-virtualenv] at time 14:41:41.182756 duration_in_ms=6.619 # [DEBUG ] LazyLoaded boto_datapipeline.create_pipeline # [DEBUG ] lzma module is not available # [DEBUG ] Registered VCS backend: git # [DEBUG ] Registered VCS backend: hg # [DEBUG ] Registered VCS backend: svn # [DEBUG ] Registered VCS backend: bzr # [DEBUG ] LazyLoaded pip.installed # [INFO ] Running state [colorama] at time 14:41:41.667521 # [INFO ] Executing state pip.installed for [colorama] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package colorama was already installed All packages were successfully installed # [INFO ] Completed state [colorama] at time 14:41:43.601702 duration_in_ms=1934.18 # [INFO ] Running state [construct] at time 14:41:43.605798 # [INFO ] Executing state pip.installed for [construct] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package construct was already installed All packages were successfully installed # [INFO ] Completed state [construct] at time 14:41:45.552961 duration_in_ms=1947.162 # [INFO ] Running state [dpapick] at time 14:41:45.561410 # [INFO ] Executing state pip.installed for [dpapick] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'dpapick'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'dpapick'] in directory '/home/sansforensics' # [DEBUG ] stdout: Requirement already up-to-date: dpapick in /usr/local/lib/python2.7/dist-packages Requirement already up-to-date: python-registry>=1.0.4 in /usr/local/lib/python2.7/dist-packages (from dpapick) Requirement already up-to-date: CFPropertyList in /usr/local/lib/python2.7/dist-packages (from dpapick) Requirement already up-to-date: M2Crypto>=0.21.1 in /usr/local/lib/python2.7/dist-packages (from dpapick) Requirement already up-to-date: pyasn1>=0.1.7 in /usr/local/lib/python2.7/dist-packages (from dpapick) Requirement already up-to-date: enum34 in /usr/local/lib/python2.7/dist-packages (from python-registry>=1.0.4->dpapick) Requirement already up-to-date: typing in /usr/local/lib/python2.7/dist-packages (from M2Crypto>=0.21.1->dpapick) # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] All packages were successfully installed # [INFO ] Completed state [dpapick] at time 14:41:49.036010 duration_in_ms=3474.601 # [INFO ] Running state [distorm3] at time 14:41:49.039283 # [INFO ] Executing state pip.installed for [distorm3] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package distorm3 was already installed All packages were successfully installed # [INFO ] Completed state [distorm3] at time 14:41:50.974820 duration_in_ms=1935.536 # [INFO ] Running state [haystack] at time 14:41:50.977456 # [INFO ] Executing state pip.installed for [haystack] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'haystack'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'haystack'] in directory '/home/sansforensics' # [DEBUG ] stdout: Requirement already up-to-date: haystack in /usr/local/lib/python2.7/dist-packages Requirement already up-to-date: python-ptrace>=0.8.1 in /usr/local/lib/python2.7/dist-packages (from haystack) Requirement already up-to-date: construct<2.8 in /usr/lib/python2.7/dist-packages (from haystack) Requirement already up-to-date: pefile in /usr/local/lib/python2.7/dist-packages (from haystack) Requirement already up-to-date: six in /usr/lib/python2.7/dist-packages (from construct<2.8->haystack) Requirement already up-to-date: future in /usr/local/lib/python2.7/dist-packages (from pefile->haystack) # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] All packages were successfully installed # [INFO ] Completed state [haystack] at time 14:41:54.550503 duration_in_ms=3573.047 # [INFO ] Running state [lxml] at time 14:41:54.556983 # [INFO ] Executing state pip.installed for [lxml] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package lxml was already installed All packages were successfully installed # [INFO ] Completed state [lxml] at time 14:41:56.547208 duration_in_ms=1990.224 # [INFO ] Running state [ioc_writer] at time 14:41:56.555925 # [INFO ] Executing state pip.installed for [ioc_writer] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package ioc_writer was already installed All packages were successfully installed # [INFO ] Completed state [ioc_writer] at time 14:41:58.521047 duration_in_ms=1965.122 # [INFO ] Running state [pefile] at time 14:41:58.527443 # [INFO ] Executing state pip.installed for [pefile] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package pefile was already installed All packages were successfully installed # [INFO ] Completed state [pefile] at time 14:42:00.487584 duration_in_ms=1960.143 # [INFO ] Running state [pycoin] at time 14:42:00.490416 # [INFO ] Executing state pip.installed for [pycoin] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'pycoin'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'pycoin'] in directory '/home/sansforensics' # [DEBUG ] stdout: Requirement already up-to-date: pycoin in /usr/local/lib/python2.7/dist-packages # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] All packages were successfully installed # [INFO ] Completed state [pycoin] at time 14:42:04.040159 duration_in_ms=3549.741 # [INFO ] Running state [pysocks] at time 14:42:04.045417 # [INFO ] Executing state pip.installed for [pysocks] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package pysocks was already installed All packages were successfully installed # [INFO ] Completed state [pysocks] at time 14:42:05.948826 duration_in_ms=1903.409 # [INFO ] Running state [simplejson] at time 14:42:05.951709 # [INFO ] Executing state pip.installed for [simplejson] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'simplejson'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'simplejson'] in directory '/home/sansforensics' # [DEBUG ] stdout: Requirement already up-to-date: simplejson in /usr/local/lib/python2.7/dist-packages # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] All packages were successfully installed # [INFO ] Completed state [simplejson] at time 14:42:09.455995 duration_in_ms=3504.286 # [INFO ] Running state [yara-python] at time 14:42:09.459261 # [INFO ] Executing state pip.installed for [yara-python] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'yara-python'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'yara-python'] in directory '/home/sansforensics' # [DEBUG ] stdout: Requirement already up-to-date: yara-python in /usr/local/lib/python2.7/dist-packages # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] All packages were successfully installed # [INFO ] Completed state [yara-python] at time 14:42:12.757532 duration_in_ms=3298.272 # [INFO ] Running state [python-volatility] at time 14:42:12.760828 # [INFO ] Executing state pkg.installed for [python-volatility] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package python-volatility is already installed # [INFO ] Completed state [python-volatility] at time 14:42:12.768496 duration_in_ms=7.668 # [INFO ] Executing command ['git', '--version'] in directory '/home/sansforensics' # [DEBUG ] stdout: git version 2.7.4 # [DEBUG ] LazyLoaded git.latest # [INFO ] Running state [https://github.com/sans-dfir/volatility-plugins-community.git] at time 14:42:12.882565 # [INFO ] Executing state git.latest for [https://github.com/sans-dfir/volatility-plugins-community.git] # [INFO ] Checking remote revision for https://github.com/sans-dfir/volatility-plugins-community.git # [INFO ] Executing command ['git', 'ls-remote', 'https://github.com/sans-dfir/volatility-plugins-community.git'] as user 'root' in directory '/root' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: aef986cda5f8b70a8a9cce56445eeaa0880aa83b HEAD aef986cda5f8b70a8a9cce56445eeaa0880aa83b refs/heads/master # [INFO ] Executing command ['git', 'for-each-ref', '--format', '%(refname:short)', 'refs/heads/'] as user 'root' in directory '/usr/lib/python2.7/dist-packages/volatility/plugins/community' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: master # [INFO ] Executing command ['git', 'for-each-ref', '--format', '%(refname:short)', 'refs/tags/'] as user 'root' in directory '/usr/lib/python2.7/dist-packages/volatility/plugins/community' mesg: ttyname failed: Inappropriate ioctl for device # [INFO ] Checking local revision for /usr/lib/python2.7/dist-packages/volatility/plugins/community # [INFO ] Executing command ['git', 'rev-parse', 'HEAD'] as user 'root' in directory '/usr/lib/python2.7/dist-packages/volatility/plugins/community' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: acc431996b068ebbad79e19b730ddbf3b14d6221 # [INFO ] Checking local branch for /usr/lib/python2.7/dist-packages/volatility/plugins/community # [INFO ] Executing command ['git', 'rev-parse', '--abbrev-ref', 'HEAD'] as user 'root' in directory '/usr/lib/python2.7/dist-packages/volatility/plugins/community' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: master # [INFO ] Executing command ['git', 'remote', '--verbose'] as user 'root' in directory '/usr/lib/python2.7/dist-packages/volatility/plugins/community' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: origin https://github.com/volatilityfoundation/community.git (fetch) origin https://github.com/volatilityfoundation/community.git (push) # [INFO ] Executing command ['git', 'diff', 'HEAD'] as user 'root' in directory '/usr/lib/python2.7/dist-packages/volatility/plugins/community' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: diff --git a/AlexanderTarasenko/README.md b/AlexanderTarasenko/README.md deleted file mode 100644 index 8af6e2a..0000000 --- a/AlexanderTarasenko/README.md +++ /dev/null @@ -1,2 +0,0 @@ -Author: Alexander Tarasenko - diff --git a/AlexanderTarasenko/__init__.py b/AlexanderTarasenko/__init__.py deleted file mode 100644 index 8b13789..0000000 --- a/AlexanderTarasenko/__init__.py +++ /dev/null @@ -1 +0,0 @@ - diff --git a/AlexanderTarasenko/windbg.py b/AlexanderTarasenko/windbg.py deleted file mode 100755 index d6712cc..0000000 --- a/AlexanderTarasenko/windbg.py +++ /dev/null @@ -1,67 +0,0 @@ -import volatility.addrspace as addrspace -import volatility.registry as registry -import volatility.obj as obj -import pykd - -class PykdAddressSpace(addrspace.BaseAddressSpace): - - ''' - Windbg address space - ''' - order = 10 - - def __init__(self, base, config, *args, **kwargs): - - self.as_assert(base == None) - self.as_assert(config.LOCATION=='windbg') - self.as_assert(pykd.isKernelDebugging()) - self.dtb = pykd.reg('cr3') - self.nt = pykd.module('nt') - config.KDBG = self.nt.KdCopyDataBlock - self.pageSize = pykd.pageSize() - self.lowPage = pykd.ptrMWord(self.nt.MmLowestPhysicalPage) - self.highPage = pykd.ptrMWord(self.nt.MmHighestPhysicalPage) - self.spaces = [ ( self.lowPage*self.pageSize, (self.highPage -self.lowPage )*self.pageSize) ] - - super(PykdAddressSpace,self).__init__(base,config) - - self.name = "WinDBG Address Space" - - def is_valid_profile(self, profile): - - systemVer = pykd.getSystemVersion() - minor = 3 if systemVer.buildNumber == 9600 else systemVer.win32Minor #fix for minor version for windows 8.1 - - return profile.metadata.get('os', 'Unknown').lower() == 'windows' and \ - profile.metadata.get('memory_model', '32bit') == ( '64bit' if pykd.is64bitSystem() else '32bit' ) and \ - profile.metadata.get('major', 0) == systemVer.win32Major and \ - profile.metadata.get('minor', 0) == minor - - - def read(self, offset, length): - try: - return pykd.loadChars(offset,length,phyAddr=True) - except pykd.MemoryException: - return None - - def zread(self, offset, length): - try: - return pykd.loadChars(offset,length,phyAddr=True) - except pykd.MemoryException: - return '\x00'*length - - def get_address_range(self): - return [ self.lowPage*self.pageSize,(self.highPage + 1)*self.pageSize - 1] - - def get_available_addresses(self): - - for space in self.spaces: - yield space - - def is_valid_address(self, addr): - try: - pykd.loadChars(addr,1,phyAddr=True) - return True - except pykd.MemoryException: - return False - diff --git "a/Lo\303\257cJaquemet/README.md" "b/Lo\303\257cJaquemet/README.md" deleted file mode 100644 index dfddd04..0000000 --- "a/Lo\303\257cJaquemet/README.md" +++ /dev/null @@ -1,208 +0,0 @@ - -The submission should include - - * the source code, - * memory sample demonstrating the capabilities - * description of how the extension is used - * a write up describing the motivation for the work - * why it should win the contest - * a signed "Individual Contributor License Agreement" (please request a copy prior to your submission). - -If you submit multiple plugins, please specify if they should be evaluated as an individual or multiple entries - -Source Code -=========== - -1. https://github.com/trolldbois/volatility_plugins -2. pip install haystack # https://github.com/trolldbois/python-haystack/ -3. pip install ctypeslib2 # https://github.com/trolldbois/ctypeslib -4. pip install python-Levenshtein # - -Memory sample -============= - -The example below are based on - - * zeus.img image from http://malwarecookbook.googlecode.com/svn-history/r26/trunk/17/1/zeus.vmem.zip - * http://secondlookforensics.com/linux-memory-images/centos-6.3-x86_64-LiveDVD-clean.mem.bz2 - -Usage -===== - -1. Install volatility as per instructions -2. `git clone https://github.com/trolldbois/volatility_plugins.git` -3. `vol.py --plugins=volatility_plugins/src/ -f haystack -p -r -c ` - -Plugins: - - * haystackheap: optimised plugin to search for HEAP. please use the constraints file as indicated. - * haystacksearch: generic search for record in all memory space (very slow) - * haystackallocated: search for record in allocated memory chunks only (somewhat experimental) - * haystackshow: load and show the value of a record if loaded from a specific address - * haystackreverse: reverse all allocated structure to file and guesstimate the field type of each structure. - * haystackreversestrings: reverse all strings from allocated memory. - - -For example, to search for all records that could ba a WinXP x86 Heaps in the zeus.vmem image process 1668 and 856: - - zeus.img image from http://malwarecookbook.googlecode.com/svn-history/r26/trunk/17/1/zeus.vmem.zip - -We will use haystackheap to print out the PID and the address of HEAPs. This is a search not using the PEB, -but only the constraints that a HEAP should have. - - $ vol.py --plugins=src -f ~/outputs/vol/zeus.vmem haystackheap -r haystack.allocators.win32.winxp_32.HEAP -c examples/winxpheap.constraints -p 1668 - - ************************************************************************ - Pid: 1668 - Record HEAP at 0x250000 - Record HEAP at 0x150000 - Record HEAP at 0x3f0000 - Record HEAP at 0xba0000 - Record HEAP at 0xb70000 - Record HEAP at 0x1620000 - Record HEAP at 0x1eb0000 - Record HEAP at 0x1ec0000 - Record HEAP at 0x7f6f0000 - -Now we use different set of constraint on the values of the HEAP fields. Surprising fantom HEAP appears. - - $ vol.py --plugins=src -f ~/outputs/vol/zeus.vmem haystackheap -r haystack.allocators.win32.winxp_32.HEAP -c examples/winxpheap-relaxed.constraints -p 1668 - - ************************************************************************ - Pid: 1668 - Record HEAP at 0x250000 - Record HEAP at 0x150000 - Record HEAP at 0x3f0000 - **Record HEAP at 0x730000** - **Record HEAP at 0x860000** - Record HEAP at 0xba0000 - Record HEAP at 0xb70000 - Record HEAP at 0x1620000 - Record HEAP at 0x1eb0000 - Record HEAP at 0x1ec0000 - **Record HEAP at 0x5d09d000** - **Record HEAP at 0x769f7000** - Record HEAP at 0x7f6f0000 - -You can now compare the content of these HEAPs to better understand why ? (this is a fictitious useless scenario) - - $ vol.py --plugins=src -f ~/outputs/vol/zeus.vmem haystackshow -r haystack.allocators.win32.winxp_32.HEAP -p 1668 -a 0x1eb0000 - - ************************************************************************ - Pid: 1668 - Record HEAP at 0x1eb0000 - Record content: - [# --------------- 0x0 - { # - "Entry": { # - [..] - "Signature": 4009750271L, # c_uint - "Flags": 4098L, # c_uint - [..] - "Segments": [ - 0x01eb0640, - 0x01fc0000, - [..] - "LockVariable": 0x01eb0608, - "CommitRoutine": 0x00000000, - "FrontEndHeap": 0x01eb0688, - "FrontHeapLockCount": 0, # c_ushort - "FrontEndHeapType": 1, # c_ubyte - "LastSegmentIndex": 1, # c_ubyte - }] - -and a phantom one: - - $ vol.py --plugins=src -f ~/outputs/vol/zeus.vmem haystackshow -r haystack.allocators.win32.winxp_32.HEAP -p 1668 -a 0x730000 - - ************************************************************************ - Pid: 1668 - Record HEAP at 0x730000 - Record content: - [# --------------- 0x0 - { # - "Entry": { # - [..] - "Signature": 4009750271L, # c_uint - "Flags": 9L, # c_uint - [..] - "Segments": [ - 0xbc5d0608, - [..] - "LockVariable": 0x00000000, - "CommitRoutine": 0xbf8b810a, - "FrontEndHeap": 0x00000000, - "FrontHeapLockCount": 0, # c_ushort - "FrontEndHeapType": 0, # c_ubyte - "LastSegmentIndex": 0, # c_ubyte - }] - -Now this can be applied to any type of records in a process memory. - -The haystackallocated plugin should accelerate searches for record present in allocated memory chunks. -The plugin work for windows XP and 7, 32 and 64 bits. Not perfect for Linux images as some bugs exists. - -If you want to search for more that just HEAP structures provided by haystack or in this repository, -you can use ctypeslib to generate your own structures from your favorite C headers. - -You might want to look at https://github.com/trolldbois/ctypeslib to produce your own records. -Keep in mind you might want to generate ctypes for a different architecture than your own. - -For example, to list all OpenSSL cipher session context records from a process - - $ vol.py --plugins=volatility_plugins/src -f somelinux.img -r examples.records_openssl_32.struct_evp_cipher_ctx_st -c examples/openssl.constraints - - -And finally , if you are adventurous, you can try to reverse a process' memory: - - $ vol.py --plugins=src -f ~/outputs/vol/zeus.vmem haystackreverse -p 856 - - [..] - -You will find a few folders named zeus.vmem_856/ with the produce of the reverse in there. - -Interesting files are named headers_values.py - -Based on that a lot of plugins can be made, like a strings extractor. -HaystackReverseStrings is an string extractor. -But instead of parsing the whole memory dumps, it only looks at strings contained into the process -valid memory allocations. - - - $ vol.py --plugins=src -f ~/outputs/vol/zeus.vmem haystackreversestrings -p 856 - - ************************************************************************ - Pid: 856 - 856,0xbf000,0x8 bytes,u'\x...0\n' - 856,0x92020,0x30 bytes,u'C:\\WINDOWS\\setupapi.log\x00' - 856,0xa4028,0x54 bytes,u'Network Location Awareness (NLA) Namespace' - 856,0xb408c,0xac bytes,u'MSAFD NetBIOS [\\Device\\NetBT_Tcpip_{AD92BA6E-D818-40B8-BC01-D4D8A59937A1}] SEQPACKET 2' - 856,0xb428c,0x22 bytes,'%SystemRoot%\sys...m32\mswsock.dll' - [..] - -Motivation for this work -======================== - -These plugins are an interface between the Volatility framework and the haystack framework. - -While Volatility establishes a forensic framework to analyse a system's RAM, the haystack framework is intended to -analyse a process's RAM, allowing a analyst to search for defined structures in a process's memory. - -Most process's memory are composed from a graph of record, linked by pointers fields. The limited space value of these -fields and others constraints allows for the haystack framework to easily identify all instances of -a record type in memory. - - -Why it should win the contest -============================= - -These plugins are an opening of the next level of forensics, into a process's structured memory. - -They open the way to the possibility of searching in memory for a new type of signature. -Not signatures that are bytes-based. -But signatures that are representing the graph that results from memory allocation by malware. - -Plus it also pretty easy to extract SSL session keys, passphrases, binary data as long as the record types are known. - -So this integration and plugins are also a basis for future plugins to easily 'search' for structures, without to have -to guess the location of such records. The records type themselves are usually sufficient. \ No newline at end of file diff --git "a/Lo\303\257cJaquemet/__init__.py" "b/Lo\303\257cJaquemet/__init__.py" deleted file mode 100644 index 8b13789..0000000 --- "a/Lo\303\257cJaquemet/__init__.py" +++ /dev/null @@ -1 +0,0 @@ - diff --git "a/Lo\303\257cJaquemet/vol_haystack.py" "b/Lo\303\257cJaquemet/vol_haystack.py" deleted file mode 100755 index efddcf7..0000000 --- "a/Lo\303\257cJaquemet/vol_haystack.py" +++ /dev/null @@ -1,300 +0,0 @@ -""" -Plugin to find records using the haystack library. - -python vol.py --plugins=contrib/plugins -f ... - -""" - -import sys -from haystack import target -from haystack import api -from haystack import constraints - -from haystack.mappings import base -from haystack.mappings import vol as hvol -from haystack.search import searcher - -import os -import volatility.plugins.taskmods as taskmods - - -class Haystack(taskmods.DllList): - """ - Search for a record in all the memory space. - """ - - my_name = '' - - def _do_haystack(self, task): - pid = task.UniqueProcessId - my_mappings = [] - # get the mappings - address_space = task.get_process_address_space() - for vad in task.VadRoot.traverse(): - # print type(vad) - if vad is None: - continue - offset = vad.obj_offset - start = vad.Start - end = vad.End - tag = vad.Tag - flags = str(vad.u.VadFlags) - perms = hvol.PERMS_PROTECTION[vad.u.VadFlags.Protection.v() & 7] - pathname = '' - if vad.u.VadFlags.PrivateMemory == 1 or not vad.ControlArea: - pathname = '' - elif vad.FileObject: - pathname = str(vad.FileObject.FileName or '') - - pmap = hvol.VolatilityProcessMappingA( - address_space, - start, - end, - permissions=perms, - pathname=pathname) - - my_mappings.append(pmap) - # now build the memory_handler - - # get the platform - profile = None - my_target = None - if 'WinXP' in self.config.PROFILE: - profile = 'winxp' - elif 'Win7' in self.config.PROFILE: - profile = 'win7' - else: - raise ValueError('Profile %s not supported' % self.config.PROFILE) - - if 'x86' in self.config.PROFILE: - my_target = target.TargetPlatform.make_target_win_32(profile) - elif 'x64' in self.config.PROFILE: - my_target = target.TargetPlatform.make_target_win_64(profile) - - # create a memory handler - dumpname = '%s_%d' % (self.config.LOCATION.split('/')[-1],pid) - memory_handler = base.MemoryHandler(my_mappings, my_target, dumpname) - - for res in self.make_results(pid, memory_handler): - yield res - - def make_results(self, pid, memory_handler): - raise NotImplementedError('Implement me') - - -class HaystackSearch(Haystack): - """ - Search for a record in all the memory space. - """ - def __init__(self, config, *args, **kwargs): - self.config = config - taskmods.DllList.__init__(self, config, *args, **kwargs) - config.add_option('RECORD_NAME', short_option='r', default= None, - help='Search for this record type', - action='store', type='str') - config.add_option('CONSTRAINT_FILE', short_option='c', default= None, - help='Using this constraint file', - action='store', type='str') - - def _init_haystack(self): - self.my_name = self.config.PROFILE - # get the structure name and type - self.modulename, sep, self.classname = self.config.RECORD_NAME.rpartition('.') - # parse the constraint file - if self.config.CONSTRAINT_FILE: - handler = constraints.ConstraintsConfigHandler() - self.my_constraints = handler.read(self.config.CONSTRAINT_FILE) - else: - self.my_constraints = None - return - - def make_results(self, pid, memory_handler): - # import the record class in the haystack model - # we need pwd in path - sys.path.append(os.getcwd()) - module = memory_handler.get_model().import_module(self.modulename) - struct_type = getattr(module, self.classname) - for res in self.make_search_results(memory_handler, struct_type, self.my_constraints): - yield pid, res - - def make_search_results(self, memory_handler, struct_type, my_constraints): - # do the search - # do not use the haystack HEAP parsing capabilities - ## PROD - use API - results = api.search_record(memory_handler, struct_type, my_constraints, extended_search=True) - # output handling - ret = api.output_to_python(memory_handler, results) - for instance, addr in ret: - yield addr - - #def generator(self, data): - # self._init_haystack() - # for task in data: - # yield self._search(task) - - def calculate(self): - self._init_haystack() - tasks = taskmods.DllList.calculate(self) - results = [] - for task in tasks: - results.extend([(pid, addr) for pid, addr in self._do_haystack(task)]) - return results - - def render_text(self, outfd, data): - prevpid= None - for pid, addr in data: - if pid != prevpid: - outfd.write("*" * 72 + "\n") - outfd.write("Pid: {0:6}\n".format(pid)) - prevpid = pid - outfd.write('Record %s at 0x%x\n' % (self.classname, addr)) - -# def unified_output(self, data): -# # blank header in case there is no shimcache data -# return TreeGrid([("PID", int), ("Address", int) -# ], self.generator(data)) - - -class HaystackHeap(HaystackSearch): - """ - Search for a record in an optimised way, suitable for windows HEAP search. - """ - def make_search_results(self, memory_handler, struct_type, my_constraints): - ## DEBUG - use optimised search space for HEAP - my_searcher = searcher.AnyOffsetRecordSearcher(memory_handler, my_constraints) - for mapping in memory_handler.get_mappings(): - res = my_searcher._search_in(mapping, struct_type, nb=1, align=0x1000) - if res: - instance, addr = api.output_to_python(memory_handler, res)[0] - yield addr - ## use direct load - # results = api.load_record(memory_handler, struct_type, 0x150000, load_constraints=None) - - -class HaystackAllocated(HaystackSearch): - """ - Search for a record only in allocated memory chunks. - """ - def make_search_results(self, memory_handler, struct_type, my_constraints): - # do the search - # USE the haystack HEAP parsing capabilities - ## PROD - use API - results = api.search_record(memory_handler, struct_type, my_constraints, extended_search=False) - # output handling - ret = api.output_to_python(memory_handler, results) - for instance, addr in ret: - yield addr - - -class HaystackShow(HaystackSearch): - """ - Show the record value - """ - def __init__(self, config, *args, **kwargs): - HaystackSearch.__init__(self, config, *args, **kwargs) - config.add_option('ADDRESS', short_option='a', default= None, - help='Using this address (hex) to load the record', - action='store', type='str') - - def make_search_results(self, memory_handler, struct_type, my_constraints): - addr = int(self.config.ADDRESS, 16) - results = api.load_record(memory_handler, struct_type, addr, load_constraints=my_constraints) - instance = api.output_to_string(memory_handler, [results]) - yield (instance, addr) - - def render_text(self, outfd, data): - for pid, (instance, addr) in data: - outfd.write("*" * 72 + "\n") - outfd.write("Pid: {0:6}\n".format(pid)) - outfd.write('Record %s at 0x%x\n' % (self.classname, addr)) - outfd.write('Record content:\n') - outfd.write(instance) - - -def _print(x): - print x - - -class HaystackReverse(Haystack): - """ - Reverse all the allocated records of a process memory. - - You will need numpy. - """ - def __init__(self, config, *args, **kwargs): - self.config = config - taskmods.DllList.__init__(self, config, *args, **kwargs) - - def make_results(self, pid, memory_handler): - from haystack.reverse import config - from haystack.reverse import api - - finder = memory_handler.get_heap_finder() - dumpname = memory_handler.get_name() - if not os.access(dumpname, os.F_OK): - os.mkdir(dumpname) - - api.reverse_instances(memory_handler) - - process_context = memory_handler.get_reverse_context() - for i, heap in enumerate(finder.get_heap_mappings()): - heap_addr = heap.get_marked_heap_address() - ctx = process_context.get_context_for_heap(heap) - # get the name of the interesting text output for the user. - outdirname = ctx.get_filename_cache_headers() - #config.get_cache_filename(config.CACHE_GENERATED_PY_HEADERS_VALUES, - # ctx.dumpname, - # ctx._heap_start) - yield (pid, heap_addr, outdirname) - - def calculate(self): - tasks = taskmods.DllList.calculate(self) - - results = [] - for task in tasks: - results.extend([res for res in self._do_haystack(task)]) - return results - - def render_text(self, outfd, data): - prevpid= None - for pid, heap_addr, filename in data: - if pid != prevpid: - outfd.write("*" * 72 + "\n") - outfd.write("Pid: {0:6}\n".format(pid)) - prevpid = pid - outfd.write('Heap at 0x%x was reversed in %s\n' % (heap_addr, filename)) - - -class HaystackReverseStrings(HaystackReverse): - """ - Reverse all the strings in allocated chunks of a process memory. - """ - def __init__(self, config, *args, **kwargs): - self.config = config - HaystackReverse.__init__(self, config, *args, **kwargs) - - def make_results(self, pid, memory_handler): - # create all contextes - for x in super(HaystackReverseStrings, self).make_results(pid, memory_handler): - pass - - process_context = memory_handler.get_reverse_context() - # look at each record in each structure for strings - for ctx in process_context.list_contextes(): - for record in ctx.listStructures(): - for field in record.get_fields(): - addr = record.address + field.offset - if field.is_string(): - maxlen = len(field) - value = record.get_value_for_field(field, maxlen+10) - yield (pid, addr, maxlen, value) - - def render_text(self, outfd, data): - prevpid= None - for pid, addr, length, _string in data: - if pid != prevpid: - outfd.write("*" * 72 + "\n") - outfd.write("Pid: {0:6}\n".format(pid)) - outfd.write("Pid, address, size, string") - prevpid = pid - outfd.write('%d,0x%x,0x%x bytes,%s\n' % (pid, addr, length, _string)) diff --git a/MarcinUlikowski/README.md b/MarcinUlikowski/README.md deleted file mode 100755 index c1e7444..0000000 --- a/MarcinUlikowski/README.md +++ /dev/null @@ -1,76 +0,0 @@ -Volatility plugin: bitlocker -============================ - -This plugin finds and extracts BitLocker Full Volume Encryption Key (FVEK) -which can be used to decrypt BitLocker volumes. - -Currently only Windows Vista/7 memory images are supported. - - -Example use case ----------------- - -Evidence #1: John's computer HDD binary image: John_HDD.dd - -Evidence #2: John's computer memory dump: John_Win7SP1x64.raw - -1) Determine the offset of encrypted BitLocker volume. In the following example -it's the second NTFS partition starting from sector 718848. Note the "-FVE-FS-" -signature. - -``` -$ mmls John_HDD.dd -DOS Partition Table -Offset Sector: 0 -Units are in 512-byte sectors - - Slot Start End Length Description -00: Meta 0000000000 0000000000 0000000001 Primary Table (#0) -01: ----- 0000000000 0000002047 0000002048 Unallocated -02: 00:00 0000002048 0000718847 0000716800 NTFS (0x07) -03: 00:01 0000718848 0031455231 0030736384 NTFS (0x07) -04: ----- 0031455232 0031457279 0000002048 Unallocated -$ -$ hexdump -C -s $((718848*512)) -n 16 John_HDD.dd -15f00000 eb 58 90 2d 46 56 45 2d 46 53 2d 00 02 08 00 00 |.X.-FVE-FS-.....| -15f00010 -``` - -2) Use bitlocker plugin to extract FVEK. It's convenient to use optional -argument *--dump-dir* in order to specify the directory in which cipher ID -(first 2 bytes) and FVEK (64 bytes) will be saved. - -``` -$ export VOLATILITY_LOCATION=file://./John_Win7SP1x64.raw -$ export VOLATILITY_PROFILE=Win7SP1x64 -$ -$ python vol.py bitlocker --dump-dir ./keys -Volatility Foundation Volatility Framework 2.5 - -Cipher: AES-128 + Elephant diffuser (0x8000) -FVEK: 2140c8afcbb835127b3b5b97fdcc8b846b7d97fba0c5a2e9dbfef97e263272fa4543af87702c4cee4252eaaa0b7fdc2a96c54aace6e90642a4bbece8afc430c2 -FVEK dumped to: ./keys/0xfa80018fe8c0.fvek - -``` - -3) Use extracted FVEK to decrypt the volume using dislocker in FUSE mode. - -``` -$ sudo dislocker-fuse -V John_HDD.dd -k ./keys/0xfa80018fe8c0.fvek -o $((718848*512)) -- /mnt/ntfs -$ -$ sudo mount -o loop,ro /mnt/ntfs/dislocker-file /mnt/clear -$ -$ ls -lh /mnt/clear -total 730M -lrwxrwxrwx 2 root root 60 Jul 14 2009 Documents and Settings -> /mnt/clear/Users --rwxrwxrwx 1 root root 730M Nov 4 09:39 pagefile.sys -drwxrwxrwx 1 root root 0 Jul 13 2009 PerfLogs -drwxrwxrwx 1 root root 4.0K Nov 4 09:58 ProgramData -drwxrwxrwx 1 root root 4.0K Apr 12 2011 Program Files -drwxrwxrwx 1 root root 4.0K Nov 4 07:01 Program Files (x86) -drwxrwxrwx 1 root root 0 Nov 4 07:04 Recovery -drwxrwxrwx 1 root root 0 Nov 4 09:57 $Recycle.Bin -drwxrwxrwx 1 root root 4.0K Nov 4 07:05 System Volume Information -drwxrwxrwx 1 root root 4.0K Nov 4 09:56 Users -drwxrwxrwx 1 root root 24K Nov 4 09:58 Windows -``` diff --git a/MarcinUlikowski/__init__.py b/MarcinUlikowski/__init__.py deleted file mode 100644 index 8b13789..0000000 --- a/MarcinUlikowski/__init__.py +++ /dev/null @@ -1 +0,0 @@ - diff --git a/MarcinUlikowski/bitlocker.py b/MarcinUlikowski/bitlocker.py deleted file mode 100755 index 385131a..0000000 --- a/MarcinUlikowski/bitlocker.py +++ /dev/null @@ -1,120 +0,0 @@ -# Volatility plugin: bitlocker -# -# Author: -# Marcin Ulikowski -# -# Based on the research by: -# Jesse Kornblum -# -# Special thanks: -# Piotr Chmylkowski -# Romain Coltel -# -# This plugin is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This plugin is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this plugin. If not, see . - - -import os -import volatility.plugins.common as common -import volatility.utils as utils -import volatility.obj as obj -import volatility.poolscan as poolscan -import volatility.debug as debug - - -class bitlocker(common.AbstractWindowsCommand): - '''Extracts BitLocker FVEK (Full Volume Encryption Key)''' - - def __init__(self, config, *args, **kwargs): - common.AbstractWindowsCommand.__init__(self, config, *args, **kwargs) - config.add_option('DUMP-DIR', default = None, help = 'Directory in which to dump cipher ID + FVEK pair') - - @staticmethod - def is_valid_profile(profile): - return (profile.metadata.get('major', 0) == 6 and profile.metadata.get('minor', 0) in [0, 1]) - - def calculate(self): - POOLSIZE_X86_AESDIFF = 976 - POOLSIZE_X86_AESONLY = 504 - POOLSIZE_X64_AESDIFF = 1008 - POOLSIZE_X64_AESONLY = 528 - - OFFSET_DB = { - POOLSIZE_X86_AESDIFF: { - 'CID': 24, - 'FVEK1': 32, - 'FVEK2': 504 - }, - POOLSIZE_X86_AESONLY: { - 'CID': 24, - 'FVEK1': 32, - 'FVEK2': 336 - }, - POOLSIZE_X64_AESDIFF: { - 'CID': 44, - 'FVEK1': 48, - 'FVEK2': 528 - }, - POOLSIZE_X64_AESONLY: { - 'CID': 44, - 'FVEK1': 48, - 'FVEK2': 480 - }, - } - - addr_space = utils.load_as(self._config) - - scanner = poolscan.SinglePoolScanner() - scanner.checks = [ - ('PoolTagCheck', dict(tag = 'FVEc')), - ('CheckPoolSize', dict(condition = lambda x: x in list(OFFSET_DB.keys()))), - ] - - for addr in scanner.scan(addr_space): - pool = obj.Object('_POOL_HEADER', offset = addr, vm = addr_space) - - pool_alignment = obj.VolMagic(pool.obj_vm).PoolAlignment.v() - pool_size = int(pool.BlockSize * pool_alignment) - - cid = addr_space.zread(addr + OFFSET_DB[pool_size]['CID'], 2) - fvek1 = addr_space.zread(addr + OFFSET_DB[pool_size]['FVEK1'], 32) - fvek2 = addr_space.zread(addr + OFFSET_DB[pool_size]['FVEK2'], 32) - - if ord(cid[1]) == 0x80 and ord(cid[0]) <= 0x03: - fvek = fvek1 + fvek2 - yield pool, cid, fvek - - def cipher(self, id): - return { - 0x00: 'AES-128 + Elephant diffuser', - 0x01: 'AES-256 + Elephant diffuser', - 0x02: 'AES-128', - 0x03: 'AES-256' - }.get(id, 'UNKNOWN') - - def render_text(self, outfd, data): - for pool, cid, fvek in data: - debug.debug('FVEc pool found @ {0:#010x}\n'.format(pool.obj_offset)) - - outfd.write('\nCipher: {0} (0x{1:02x}{2:02x})\n'.format(self.cipher(ord(cid[0])), ord(cid[1]), ord(cid[0]))) - outfd.write('FVEK: {}\n'.format(''.join('{:02x}'.format(ord(i)) for i in fvek))) - - if self._config.DUMP_DIR: - full_path = os.path.join(self._config.DUMP_DIR, '{0:#010x}.fvek'.format(pool.obj_offset)) - - with open(full_path, "wb") as fvek_file: - fvek_file.write(cid + fvek) - - outfd.write('FVEK dumped to: {}\n'.format(full_path)) - - outfd.write('\n') diff --git a/TyperHalfpop/README.md b/TyperHalfpop/README.md deleted file mode 100644 index 0407597..0000000 --- a/TyperHalfpop/README.md +++ /dev/null @@ -1,3 +0,0 @@ -Author: Tyler Halfpop - -See https://github.com/tylerph3 for updates and licensing information. \ No newline at end of file diff --git a/TyperHalfpop/__init__.py b/TyperHalfpop/__init__.py deleted file mode 100644 index 8b13789..0000000 --- a/TyperHalfpop/__init__.py +++ /dev/null @@ -1 +0,0 @@ - diff --git a/TyperHalfpop/findevilinfo.py b/TyperHalfpop/findevilinfo.py deleted file mode 100644 index 1e8e981..0000000 --- a/TyperHalfpop/findevilinfo.py +++ /dev/null @@ -1,168 +0,0 @@ -# findevilinfo -__author__ = "Tyler Halfpop" -__version__ = "0.1" -__license__ = "MIT" - -# Yara Rules Directory -YARA_RULES_DIR = "INSERT_YARA_RULES_DIR_HERE" - -# VirusTotal API -# https://www.virustotal.com/en/user//apikey/ -VT_API_KEY = "INSERT_VT_API_KEY_HERE" -VT_URL = "https://www.virustotal.com/vtapi/v2/file/report" -VT_SLEEP = 0 - -import os -import sys -import pefile -import ssl -import json -import urllib -import urllib2 -import math -import yara -import re -from hashlib import sha256 -from time import sleep - -def get_hash(input_file): - """ Return sha256 hash of input file - """ - with open(input_file, "rb") as open_file: - return sha256(open_file.read()).hexdigest() - -def get_VT_verdict(file_hash): - """ Gets the VirusTotal number of hits from VirusTotal example - https://www.virustotal.com/en/documentation/public-api/#getting-file-scans - """ - try: - parameters = {"resource": file_hash, "apikey": VT_API_KEY} - data = urllib.urlencode(parameters) - req = urllib2.Request(VT_URL, data) - response = urllib2.urlopen(req) - json_object = response.read() - response_dict = json.loads(json_object) - verdict = "{} / {}".format(response_dict.get("positives", {}), - response_dict.get("total", {})) - sleep(VT_SLEEP) - if verdict == "{} / {}": - return "Not in VT" - return verdict - except Exception as e: - print "Exception: {}".format(e) - -def check_signed(input_file): - """ Check if a PE file is signed using pefile adapted from disitool by Didier Stevens - https://blog.didierstevens.com/programs/disitool/ - """ - try: - pe = pefile.PE(input_file) - addr = pe.OPTIONAL_HEADER.DATA_DIRECTORY[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_SECURITY']].VirtualAddress - if addr == 0: - return "Unsigned" - return "Signed" - except: - return "Error" - -def get_entropy(input_file): - """ Gets the entropy of file from Ero Carrerra's Blog - http://blog.dkbza.org/2007/05/scanning-data-for-entropy-anomalies.html - """ - try: - with open(input_file, "rb") as open_file: - data = open_file.read() - if not data: - return 0 - entropy = 0 - for x in range(256): - p_x = float(data.count(chr(x)))/len(data) - if p_x > 0: - entropy += - p_x*math.log(p_x, 2) - return entropy - except: - return "Error" - -def carve(input_file): - """Carve PE files from segments adapted from Alexander Hanel's blog - https://hooked-on-mnemonics.blogspot.com/2013/01/pe-carvpy.html - """ - with open(input_file, "rb") as mem_dump: - c = 1 - # For each address that contains MZ - for y in [tmp.start() for tmp in re.finditer('\x4d\x5a',mem_dump.read())]: - mem_dump.seek(y) - try: - pe = pefile.PE(data=mem_dump.read()) - except: - continue - # Determine file ext - if pe.is_dll() == True: - ext = 'dll' - elif pe.is_driver() == True: - ext = 'sys' - elif pe.is_exe() == True: - ext = 'exe' - else: - ext = 'bin' - - print "Carving {} at {}".format(ext, hex(y)) - - with open(input_file + "_" + str(c) + '.' + ext, 'wb') as out: - out.write(pe.trim()) - - c += 1 - ext = '' - mem_dump.seek(0) - pe.close() - -class YaraClass: - """Walks rule dir, compiling and testing rules, and scans files. - """ - def __init__(self): - """YaraClass initialization that sets verbose, scan and yara directory - """ - try: - self.yara_dir = YARA_RULES_DIR - self.verbose = False - self.compile() - except Exception as e: - print "Init Compile Exception: {}".format(e) - - def compile(self): - """Walks rule dir, tests rules, and compiles them for scanning. - """ - try: - all_rules = {} - for root, directories, files in os.walk(self.yara_dir): - for file in files: - if "yar" in os.path.splitext(file)[1]: - rule_case = os.path.join(root, file) - if self.test_rule(rule_case): - all_rules[file] = rule_case - self.rules = yara.compile(filepaths=all_rules) - except Exception as e: - print "Compile Exception: {}".format(e) - - def test_rule(self, test_case): - """Tests rules to make sure they are valid before using them. If verbose is set will print the invalid rules. - """ - try: - yara.compile(filepath=test_case) - return True - except: - if self.verbose: - print "{} is an invalid rule".format(test_case) - return False - - def scan(self, scan_file): - """Scan method that uses compiled rules to scan a file - """ - try: - matched_rules = [] - matches = self.rules.match(scan_file) - for i in matches: - matched_rules.append(i) - return matched_rules - except Exception as e: - print "Scan Exception: {}".format(e) - return "ERROR" diff --git a/TyperHalfpop/findevilmem.py b/TyperHalfpop/findevilmem.py deleted file mode 100644 index b54dd99..0000000 --- a/TyperHalfpop/findevilmem.py +++ /dev/null @@ -1,94 +0,0 @@ -# findevilmem -__author__ = "Tyler Halfpop" -__version__ = "0.1" -__license__ = "MIT" - -import os -import sys - -import volatility.debug as debug -import volatility.conf as conf -import volatility.utils as utils -import volatility.plugins.taskmods as taskmods - -import findevilinfo - -class findEvilMem(taskmods.MemDump): - """Find potential known bad in memory - """ - - def __init__(self, config, *args, **kwargs): - taskmods.MemDump.__init__(self, config, *args, **kwargs) - self._config.DUMP_DIR = os.getcwd() + os.sep + "dump_tmp" - if not os.path.exists(self._config.DUMP_DIR): - os.mkdir(self._config.DUMP_DIR) - print "Creating Dump Dir {}".format(str(self._config.DUMP_DIR)) - else: - print "Dump Dir Already Exists {}".format(str(self._config.DUMP_DIR)) - - def render_text(self, outfd, data): - """ Dump process memory and check for bad - https://github.com/volatilityfoundation/volatility/blob/master/volatility/plugins/taskmods.py - """ - - # Compile Yara Rules if configured - if findevilinfo.YARA_RULES_DIR != "INSERT_YARA_RULES_DIR_HERE": - outfd.write("Compiling Yara Rules\n") - ys = findevilinfo.YaraClass() - - # render_text from taskmods - for pid, task, pagedata in data: - task_space = task.get_process_address_space() - output_file = os.path.join(self._config.DUMP_DIR, str(pid) + ".dmp") - outfd.write("Writing {0} [{1:6}] to {2}.dmp\n".format(task.ImageFileName, pid, str(pid))) - f = open(output_file, 'wb') - if pagedata: - for p in pagedata: - data = task_space.read(p[0], p[1]) - if data == None: - if self._config.verbose: - outfd.write("Memory Not Accessible: Virtual Address: 0x{0:x} Size: 0x{1:x}\n".format(p[0], p[1])) - else: - f.write(data) - findevilinfo.carve(output_file) - else: - outfd.write("Unable to read pages for task.\n") - f.close() - - self.table_header(outfd, - [("Name", "20"), - ("Hash", "64"), - ("Verdict", "10"), - ("Signed", "8"), - ("Entropy", "12"), - ("Yara", ""),]) - - # Walk dump_tmp dir get hash, signed, entropy, vt verdict, yara - try: - for root, directories, files in os.walk(self._config.DUMP_DIR): - for file in files: - dumped_file = os.path.join(root,file) - file_hash = findevilinfo.get_hash(dumped_file) - signed = findevilinfo.check_signed(dumped_file) - entropy = findevilinfo.get_entropy(dumped_file) - - if findevilinfo.VT_API_KEY == "INSERT_VT_API_KEY_HERE": - verdict = "NO_API_KEY" - else: - verdict = findevilinfo.get_VT_verdict(file_hash) - - if findevilinfo.YARA_RULES_DIR == "INSERT_YARA_RULES_DIR_HERE": - yara_hits = "NO_YARA_RULES_DIR" - else: - yara_hits = ys.scan(dumped_file) - - self.table_row(outfd, - file, - file_hash, - verdict, - signed, - entropy, - yara_hits) - - except Exception as e: - print "Exception: {}".format(e) diff --git a/TyperHalfpop/findevilproc.py b/TyperHalfpop/findevilproc.py deleted file mode 100644 index 4af32f1..0000000 --- a/TyperHalfpop/findevilproc.py +++ /dev/null @@ -1,89 +0,0 @@ -# findevilproc -__author__ = "Tyler Halfpop" -__version__ = "0.1" -__license__ = "MIT" - -import os -import sys - -import volatility.debug as debug -import volatility.conf as conf -import volatility.utils as utils -import volatility.plugins.procdump as procdump -import volatility.plugins.taskmods as taskmods - -import findevilinfo - -class findEvilProc(procdump.ProcDump): - """ Find potential known bad processes - """ - - def __init__(self, config, *args, **kwargs): - procdump.ProcDump.__init__(self, config, *args, **kwargs) - self._config.DUMP_DIR = os.getcwd() + os.sep + "dump_tmp" - if not os.path.exists(self._config.DUMP_DIR): - os.mkdir(self._config.DUMP_DIR) - print "Creating Dump Dir {}".format(str(self._config.DUMP_DIR)) - else: - print "Dump Dir Already Exists {}".format(str(self._config.DUMP_DIR)) - - def render_text(self, outfd, data): - """ Dump processes and check for known bad - https://github.com/volatilityfoundation/volatility/blob/master/volatility/plugins/procdump.py - """ - - # Compile Yara Rules if configured - if findevilinfo.YARA_RULES_DIR != "INSERT_YARA_RULES_DIR_HERE": - ys = findevilinfo.YaraClass() - - # render_text from procdump - self.table_header(outfd, - [("Name", "20"), - ("Result", "25"), - ("Hash", "64"), - ("Verdict", "10"), - ("Signed", "8"), - ("Entropy", "12"), - ("Yara", ""),]) - - for task in data: - task_space = task.get_process_address_space() - if task_space == None: - result = "Error: Cannot acquire process AS" - elif task.Peb == None: - # we must use m() here, because any other attempt to - # reference task.Peb will try to instantiate the _PEB - result = "Error: PEB at {0:#x} is unavailable (possibly due to paging)".format(task.m('Peb')) - elif task_space.vtop(task.Peb.ImageBaseAddress) == None: - result = "Error: ImageBaseAddress at {0:#x} is unavailable (possibly due to paging)".format(task.Peb.ImageBaseAddress) - else: - dump_file = "executable." + str(task.UniqueProcessId) + ".exe" - result = self.dump_pe(task_space, - task.Peb.ImageBaseAddress, - dump_file) - - # Full path of dumped file, get hash, VT, signed, entropy, yara - dumped_file = "{}{}{}".format(self._config.DUMP_DIR, os.sep, dump_file) - - file_hash = findevilinfo.get_hash(dumped_file) - signed = findevilinfo.check_signed(dumped_file) - entropy = findevilinfo.get_entropy(dumped_file) - - if findevilinfo.VT_API_KEY == "INSERT_VT_API_KEY_HERE": - verdict = "NO_API_KEY" - else: - verdict = findevilinfo.get_VT_verdict(file_hash) - - if findevilinfo.YARA_RULES_DIR == "INSERT_YARA_RULES_DIR_HERE": - yara_hits = "NO_YARA_RULES_DIR" - else: - yara_hits = ys.scan(dumped_file) - - self.table_row(outfd, - task.ImageFileName, - result, - file_hash, - verdict, - signed, - entropy, - yara_hits) # [DEBUG ] /usr/lib/python2.7/dist-packages/volatility/plugins/community is up-to-date, but with local changes. Since 'force_reset' is enabled, these local changes will be reset. # [INFO ] Executing command ['git', 'rev-parse', '--abbrev-ref', 'master@{upstream}'] as user 'root' in directory '/usr/lib/python2.7/dist-packages/volatility/plugins/community' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: origin/master # [INFO ] Executing command ['git', 'remote', '--verbose'] as user 'root' in directory '/usr/lib/python2.7/dist-packages/volatility/plugins/community' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: origin https://github.com/volatilityfoundation/community.git (fetch) origin https://github.com/volatilityfoundation/community.git (push) # [DEBUG ] Remote 'origin' already exists in git checkout located at /usr/lib/python2.7/dist-packages/volatility/plugins/community, removing so it can be re-added # [INFO ] Executing command ['git', 'remote', 'rm', 'origin'] as user 'root' in directory '/usr/lib/python2.7/dist-packages/volatility/plugins/community' mesg: ttyname failed: Inappropriate ioctl for device # [INFO ] Executing command ['git', 'remote', 'add', 'origin', 'https://github.com/sans-dfir/volatility-plugins-community.git'] as user 'root' in directory '/usr/lib/python2.7/dist-packages/volatility/plugins/community' mesg: ttyname failed: Inappropriate ioctl for device # [INFO ] Executing command ['git', 'remote', '--verbose'] as user 'root' in directory '/usr/lib/python2.7/dist-packages/volatility/plugins/community' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: origin https://github.com/sans-dfir/volatility-plugins-community.git (fetch) origin https://github.com/sans-dfir/volatility-plugins-community.git (push) # [INFO ] Executing command ['git', 'reset', '--hard', 'acc4319'] as user 'root' in directory '/usr/lib/python2.7/dist-packages/volatility/plugins/community' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: HEAD is now at acc4319 Merge pull request #19 from morallo/master # [INFO ] Executing command ['git', 'branch', '--unset-upstream'] as user 'root' in directory '/usr/lib/python2.7/dist-packages/volatility/plugins/community' mesg: ttyname failed: Inappropriate ioctl for device # [ERROR ] Command '['git', 'branch', '--unset-upstream']' failed with return code: 128 # [ERROR ] stderr: fatal: Branch 'master' has no upstream information # [ERROR ] retcode: 128 # [ERROR ] Unexpected exception in git.latest state Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/salt/states/git.py", line 1431, in latest password=password) File "/usr/lib/python2.7/dist-packages/salt/modules/git.py", line 679, in branch ignore_retcode=ignore_retcode) File "/usr/lib/python2.7/dist-packages/salt/modules/git.py", line 320, in _git_run raise CommandExecutionError(msg) CommandExecutionError: Command 'git branch --unset-upstream' failed: fatal: Branch 'master' has no upstream information # [ERROR ] {'forced update': True} # [INFO ] Completed state [https://github.com/sans-dfir/volatility-plugins-community.git] at time 14:42:15.740379 duration_in_ms=2857.813 # [DEBUG ] LazyLoaded acme.cert # [DEBUG ] LazyLoaded at.at # [DEBUG ] Could not LazyLoad augeas.execute: 'augeas.execute' is not available. # [DEBUG ] LazyLoaded boto3_elasticache.cache_cluster_exists # [DEBUG ] LazyLoaded boto3_route53.find_hosted_zone # [DEBUG ] LazyLoaded boto_apigateway.describe_apis # [DEBUG ] LazyLoaded boto_asg.exists # [DEBUG ] LazyLoaded boto_cfn.exists # [DEBUG ] LazyLoaded boto_cloudtrail.exists # [DEBUG ] LazyLoaded boto_cloudwatch.get_alarm # [DEBUG ] LazyLoaded boto_cloudwatch_event.exists # [DEBUG ] LazyLoaded boto_cognitoidentity.describe_identity_pools # [DEBUG ] LazyLoaded boto_dynamodb.exists # [DEBUG ] LazyLoaded boto_ec2.get_key # [DEBUG ] LazyLoaded boto_elasticache.exists # [DEBUG ] LazyLoaded boto_elasticsearch_domain.exists # [DEBUG ] LazyLoaded boto_elb.exists # [DEBUG ] LazyLoaded boto_elbv2.target_group_exists # [DEBUG ] LazyLoaded boto_iam.get_user # [DEBUG ] LazyLoaded boto_iam.role_exists # [DEBUG ] LazyLoaded boto_iot.policy_exists # [DEBUG ] LazyLoaded boto_kinesis.exists # [DEBUG ] LazyLoaded boto_kms.describe_key # [DEBUG ] LazyLoaded boto_lambda.function_exists # [DEBUG ] LazyLoaded boto_asg.exists # [DEBUG ] LazyLoaded boto_rds.exists # [DEBUG ] LazyLoaded boto_route53.get_record # [DEBUG ] LazyLoaded boto_s3_bucket.exists # [DEBUG ] LazyLoaded boto_secgroup.exists # [DEBUG ] LazyLoaded boto_sns.exists # [DEBUG ] LazyLoaded boto_sqs.exists # [DEBUG ] LazyLoaded boto_vpc.exists # [DEBUG ] LazyLoaded bower.list # [DEBUG ] LazyLoaded chef.client # [DEBUG ] LazyLoaded chocolatey.install # [DEBUG ] LazyLoaded cisconso.set_data_value # [DEBUG ] LazyLoaded cyg.list # [DEBUG ] LazyLoaded chassis.cmd # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] LazyLoaded eselect.exec_action # [DEBUG ] LazyLoaded esxi.cmd # [DEBUG ] LazyLoaded github.list_users # [DEBUG ] LazyLoaded glusterfs.list_volumes # [DEBUG ] LazyLoaded elasticsearch.exists # [DEBUG ] LazyLoaded icinga2.generate_ticket # [DEBUG ] LazyLoaded ifttt.trigger_event # [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] LazyLoaded ipset.version # [DEBUG ] LazyLoaded kapacitor.version # [DEBUG ] LazyLoaded keystone.auth # [DEBUG ] LazyLoaded kubernetes.ping # [DEBUG ] LazyLoaded layman.add # [DEBUG ] LazyLoaded lvs.get_rules # [DEBUG ] LazyLoaded lvs.get_rules # [DEBUG ] LazyLoaded makeconf.get_var # [DEBUG ] LazyLoaded memcached.status # [DEBUG ] LazyLoaded mongodb.user_exists # [DEBUG ] LazyLoaded monit.summary # [DEBUG ] LazyLoaded nftables.version # [DEBUG ] LazyLoaded npm.list # [DEBUG ] LazyLoaded nxos.cmd # [DEBUG ] LazyLoaded openvswitch.bridge_create # [DEBUG ] LazyLoaded openvswitch.port_add # [DEBUG ] LazyLoaded pecl.list # [DEBUG ] LazyLoaded portage_config.get_missing_flags # [DEBUG ] LazyLoaded postgres.cluster_exists # [DEBUG ] LazyLoaded postgres.user_exists # [DEBUG ] LazyLoaded postgres.create_extension # [DEBUG ] LazyLoaded postgres.group_create # [DEBUG ] LazyLoaded postgres.datadir_init # [DEBUG ] LazyLoaded postgres.language_create # [DEBUG ] LazyLoaded postgres.privileges_grant # [DEBUG ] LazyLoaded postgres.schema_exists # [DEBUG ] LazyLoaded postgres.tablespace_exists # [DEBUG ] LazyLoaded postgres.user_exists # [DEBUG ] LazyLoaded quota.report # [DEBUG ] Could not LazyLoad rbac.profile_list: 'rbac.profile_list' is not available. # [DEBUG ] LazyLoaded rdp.enable # [DEBUG ] LazyLoaded reg.read_value # [DEBUG ] LazyLoaded selinux.getenforce # [DEBUG ] Could not LazyLoad vmadm.create: 'vmadm.create' is not available. # [DEBUG ] LazyLoaded snapper.diff # [DEBUG ] LazyLoaded splunk.list_users # [DEBUG ] LazyLoaded splunk_search.get # [DEBUG ] LazyLoaded stormpath.create_account # [DEBUG ] LazyLoaded tls.cert_info # [DEBUG ] LazyLoaded tomcat.status # [DEBUG ] LazyLoaded trafficserver.set_config # [DEBUG ] LazyLoaded victorops.create_event # [DEBUG ] LazyLoaded virt.node_info # [DEBUG ] LazyLoaded win_dacl.add_ace # [DEBUG ] LazyLoaded win_dns_client.add_dns # [DEBUG ] Could not LazyLoad firewall.get_config: 'firewall.get_config' is not available. # [DEBUG ] LazyLoaded win_iis.create_site # [DEBUG ] Could not LazyLoad lgpo.set: 'lgpo.set' is not available. # [DEBUG ] LazyLoaded win_path.rehash # [DEBUG ] LazyLoaded win_pki.get_stores # [DEBUG ] LazyLoaded win_servermanager.install # [DEBUG ] LazyLoaded win_smtp_server.get_server_setting # [DEBUG ] LazyLoaded win_snmp.get_agent_settings # [DEBUG ] LazyLoaded xmpp.send_msg # [DEBUG ] LazyLoaded zabbix.host_create # [DEBUG ] LazyLoaded zabbix.hostgroup_create # [DEBUG ] LazyLoaded zabbix.mediatype_create # [DEBUG ] LazyLoaded zabbix.user_create # [DEBUG ] LazyLoaded zabbix.usergroup_create # [DEBUG ] LazyLoaded zk_concurrency.lock # [DEBUG ] LazyLoaded zonecfg.create # [DEBUG ] LazyLoaded zpool.create # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/sift/] at time 14:42:15.903023 # [INFO ] Executing state file.recurse for [/usr/lib/python2.7/dist-packages/volatility/plugins/sift/] # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/volatility/sqlite_help.py' to resolve 'salt://sift/files/volatility/sqlite_help.py' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/volatility/sqlite_help.py' to resolve 'salt://sift/files/volatility/sqlite_help.py' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/volatility/pstotal.py' to resolve 'salt://sift/files/volatility/pstotal.py' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/volatility/pstotal.py' to resolve 'salt://sift/files/volatility/pstotal.py' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/volatility/__init__.py' to resolve 'salt://sift/files/volatility/__init__.py' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/volatility/__init__.py' to resolve 'salt://sift/files/volatility/__init__.py' # [INFO ] The directory /usr/lib/python2.7/dist-packages/volatility/plugins/sift/ is in the correct state # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/sift/] at time 14:42:15.985563 duration_in_ms=82.54 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/malprocfind.py] at time 14:42:15.990617 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/malprocfind.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/malprocfind.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/malprocfind.py] at time 14:42:15.991130 duration_in_ms=0.513 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/idxparser.py] at time 14:42:15.995806 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/idxparser.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/idxparser.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/idxparser.py] at time 14:42:15.996294 duration_in_ms=0.488 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/chromehistory.py] at time 14:42:16.001769 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/chromehistory.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/chromehistory.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/chromehistory.py] at time 14:42:16.002363 duration_in_ms=0.595 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/mimikatz.py] at time 14:42:16.007637 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/mimikatz.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/mimikatz.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/mimikatz.py] at time 14:42:16.008159 duration_in_ms=0.522 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/openioc_scan.py] at time 14:42:16.012981 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/openioc_scan.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/openioc_scan.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/openioc_scan.py] at time 14:42:16.013461 duration_in_ms=0.48 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/pstotal.py] at time 14:42:16.019040 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/pstotal.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/pstotal.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/pstotal.py] at time 14:42:16.019669 duration_in_ms=0.63 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/firefoxhistory.py] at time 14:42:16.024818 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/firefoxhistory.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/firefoxhistory.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/firefoxhistory.py] at time 14:42:16.025438 duration_in_ms=0.62 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/autoruns.py] at time 14:42:16.031064 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/autoruns.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/autoruns.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/autoruns.py] at time 14:42:16.031616 duration_in_ms=0.554 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/malfinddeep.py] at time 14:42:16.037368 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/malfinddeep.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/malfinddeep.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/malfinddeep.py] at time 14:42:16.038081 duration_in_ms=0.713 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/prefetch.py] at time 14:42:16.043315 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/prefetch.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/prefetch.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/prefetch.py] at time 14:42:16.043781 duration_in_ms=0.466 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/baseline.py] at time 14:42:16.048649 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/baseline.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/baseline.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/baseline.py] at time 14:42:16.049114 duration_in_ms=0.465 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/ssdeepscan.py] at time 14:42:16.053918 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/ssdeepscan.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/ssdeepscan.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/ssdeepscan.py] at time 14:42:16.054394 duration_in_ms=0.475 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/uninstallinfo.py] at time 14:42:16.059102 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/uninstallinfo.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/uninstallinfo.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/uninstallinfo.py] at time 14:42:16.059583 duration_in_ms=0.481 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/trustrecords.py] at time 14:42:16.064900 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/trustrecords.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/trustrecords.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/trustrecords.py] at time 14:42:16.065756 duration_in_ms=0.856 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/usnparser.py] at time 14:42:16.071536 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/usnparser.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/usnparser.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/usnparser.py] at time 14:42:16.072312 duration_in_ms=0.777 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/apihooksdeep.py] at time 14:42:16.078082 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/apihooksdeep.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/apihooksdeep.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/apihooksdeep.py] at time 14:42:16.078680 duration_in_ms=0.599 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/editbox.py] at time 14:42:16.084162 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/editbox.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/editbox.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/editbox.py] at time 14:42:16.084946 duration_in_ms=0.785 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/javarat.py] at time 14:42:16.090087 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/javarat.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/javarat.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/javarat.py] at time 14:42:16.090550 duration_in_ms=0.463 # [INFO ] Running state [python-yara] at time 14:42:16.090695 # [INFO ] Executing state pkg.installed for [python-yara] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package python-yara is already installed # [INFO ] Completed state [python-yara] at time 14:42:16.096459 duration_in_ms=5.764 # [INFO ] Running state [qemu] at time 14:42:16.096599 # [INFO ] Executing state pkg.installed for [qemu] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package qemu is already installed # [INFO ] Completed state [qemu] at time 14:42:16.102414 duration_in_ms=5.813 # [INFO ] Running state [qemu-utils] at time 14:42:16.102584 # [INFO ] Executing state pkg.installed for [qemu-utils] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package qemu-utils is already installed # [INFO ] Completed state [qemu-utils] at time 14:42:16.108043 duration_in_ms=5.459 # [INFO ] Running state [radare2] at time 14:42:16.108244 # [INFO ] Executing state pkg.installed for [radare2] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package radare2 is already installed # [INFO ] Completed state [radare2] at time 14:42:16.113896 duration_in_ms=5.65 # [INFO ] Running state [rar] at time 14:42:16.115619 # [INFO ] Executing state pkg.installed for [rar] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package rar is already installed # [INFO ] Completed state [rar] at time 14:42:16.123067 duration_in_ms=7.448 # [INFO ] Running state [readpst] at time 14:42:16.123269 # [INFO ] Executing state pkg.installed for [readpst] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package readpst is already installed # [INFO ] Completed state [readpst] at time 14:42:16.128797 duration_in_ms=5.527 # [INFO ] Running state [rsakeyfind] at time 14:42:16.128977 # [INFO ] Executing state pkg.installed for [rsakeyfind] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package rsakeyfind is already installed # [INFO ] Completed state [rsakeyfind] at time 14:42:16.134594 duration_in_ms=5.616 # [INFO ] Running state [safecopy] at time 14:42:16.134787 # [INFO ] Executing state pkg.installed for [safecopy] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package safecopy is already installed # [INFO ] Completed state [safecopy] at time 14:42:16.139890 duration_in_ms=5.103 # [INFO ] Running state [samba] at time 14:42:16.140118 # [INFO ] Executing state pkg.installed for [samba] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package samba is already installed # [INFO ] Completed state [samba] at time 14:42:16.146293 duration_in_ms=6.175 # [INFO ] Running state [samdump2] at time 14:42:16.146456 # [INFO ] Executing state pkg.installed for [samdump2] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package samdump2 is already installed # [INFO ] Completed state [samdump2] at time 14:42:16.152174 duration_in_ms=5.717 # [INFO ] Running state [scalpel] at time 14:42:16.152381 # [INFO ] Executing state pkg.installed for [scalpel] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package scalpel is already installed # [INFO ] Completed state [scalpel] at time 14:42:16.158020 duration_in_ms=5.638 # [INFO ] Running state [sleuthkit] at time 14:42:16.158206 # [INFO ] Executing state pkg.installed for [sleuthkit] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package sleuthkit is already installed # [INFO ] Completed state [sleuthkit] at time 14:42:16.164644 duration_in_ms=6.436 # [INFO ] Running state [socat] at time 14:42:16.164841 # [INFO ] Executing state pkg.installed for [socat] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package socat is already installed # [INFO ] Completed state [socat] at time 14:42:16.170747 duration_in_ms=5.906 # [INFO ] Running state [ssdeep] at time 14:42:16.170912 # [INFO ] Executing state pkg.installed for [ssdeep] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package ssdeep is already installed # [INFO ] Completed state [ssdeep] at time 14:42:16.176896 duration_in_ms=5.983 # [INFO ] Running state [ssldump] at time 14:42:16.177077 # [INFO ] Executing state pkg.installed for [ssldump] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package ssldump is already installed # [INFO ] Completed state [ssldump] at time 14:42:16.182100 duration_in_ms=5.022 # [INFO ] Running state [sslsniff] at time 14:42:16.182252 # [INFO ] Executing state pkg.installed for [sslsniff] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package sslsniff is already installed # [INFO ] Completed state [sslsniff] at time 14:42:16.187780 duration_in_ms=5.528 # [INFO ] Running state [stunnel4] at time 14:42:16.187931 # [INFO ] Executing state pkg.installed for [stunnel4] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package stunnel4 is already installed # [INFO ] Completed state [stunnel4] at time 14:42:16.193197 duration_in_ms=5.265 # [INFO ] Running state [system-config-samba] at time 14:42:16.193343 # [INFO ] Executing state pkg.installed for [system-config-samba] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package system-config-samba is already installed # [INFO ] Completed state [system-config-samba] at time 14:42:16.198967 duration_in_ms=5.623 # [INFO ] Running state [tcl] at time 14:42:16.199286 # [INFO ] Executing state pkg.installed for [tcl] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package tcl is already installed # [INFO ] Completed state [tcl] at time 14:42:16.205459 duration_in_ms=6.172 # [INFO ] Running state [tcpflow] at time 14:42:16.205696 # [INFO ] Executing state pkg.installed for [tcpflow] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package tcpflow is already installed # [INFO ] Completed state [tcpflow] at time 14:42:16.211787 duration_in_ms=6.091 # [INFO ] Running state [tcpick] at time 14:42:16.211993 # [INFO ] Executing state pkg.installed for [tcpick] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package tcpick is already installed # [INFO ] Completed state [tcpick] at time 14:42:16.217307 duration_in_ms=5.314 # [INFO ] Running state [tcpreplay] at time 14:42:16.217494 # [INFO ] Executing state pkg.installed for [tcpreplay] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package tcpreplay is already installed # [INFO ] Completed state [tcpreplay] at time 14:42:16.222973 duration_in_ms=5.479 # [INFO ] Running state [tcpslice] at time 14:42:16.223186 # [INFO ] Executing state pkg.installed for [tcpslice] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package tcpslice is already installed # [INFO ] Completed state [tcpslice] at time 14:42:16.228142 duration_in_ms=4.956 # [INFO ] Running state [tcpstat] at time 14:42:16.228279 # [INFO ] Executing state pkg.installed for [tcpstat] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package tcpstat is already installed # [INFO ] Completed state [tcpstat] at time 14:42:16.233818 duration_in_ms=5.538 # [INFO ] Running state [tcptrace] at time 14:42:16.234004 # [INFO ] Executing state pkg.installed for [tcptrace] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package tcptrace is already installed # [INFO ] Completed state [tcptrace] at time 14:42:16.240224 duration_in_ms=6.22 # [INFO ] Running state [tcptrack] at time 14:42:16.240425 # [INFO ] Executing state pkg.installed for [tcptrack] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package tcptrack is already installed # [INFO ] Completed state [tcptrack] at time 14:42:16.246259 duration_in_ms=5.833 # [INFO ] Running state [tcpxtract] at time 14:42:16.246445 # [INFO ] Executing state pkg.installed for [tcpxtract] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package tcpxtract is already installed # [INFO ] Completed state [tcpxtract] at time 14:42:16.253424 duration_in_ms=6.979 # [INFO ] Running state [testdisk] at time 14:42:16.253612 # [INFO ] Executing state pkg.installed for [testdisk] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package testdisk is already installed # [INFO ] Completed state [testdisk] at time 14:42:16.258750 duration_in_ms=5.138 # [INFO ] Running state [tofrodos] at time 14:42:16.258913 # [INFO ] Executing state pkg.installed for [tofrodos] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package tofrodos is already installed # [INFO ] Completed state [tofrodos] at time 14:42:16.265570 duration_in_ms=6.657 # [INFO ] Running state [transmission] at time 14:42:16.265750 # [INFO ] Executing state pkg.installed for [transmission] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package transmission is already installed # [INFO ] Completed state [transmission] at time 14:42:16.271214 duration_in_ms=5.464 # [INFO ] Running state [unity-control-center] at time 14:42:16.271358 # [INFO ] Executing state pkg.installed for [unity-control-center] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package unity-control-center is already installed # [INFO ] Completed state [unity-control-center] at time 14:42:16.276411 duration_in_ms=5.053 # [INFO ] Running state [unrar] at time 14:42:16.277940 # [INFO ] Executing state pkg.installed for [unrar] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package unrar is already installed # [INFO ] Completed state [unrar] at time 14:42:16.283631 duration_in_ms=5.689 # [INFO ] Running state [upx-ucl] at time 14:42:16.283798 # [INFO ] Executing state pkg.installed for [upx-ucl] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package upx-ucl is already installed # [INFO ] Completed state [upx-ucl] at time 14:42:16.289384 duration_in_ms=5.586 # [INFO ] Running state [vbindiff] at time 14:42:16.289640 # [INFO ] Executing state pkg.installed for [vbindiff] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package vbindiff is already installed # [INFO ] Completed state [vbindiff] at time 14:42:16.295359 duration_in_ms=5.718 # [INFO ] Running state [vim] at time 14:42:16.295564 # [INFO ] Executing state pkg.installed for [vim] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package vim is already installed # [INFO ] Completed state [vim] at time 14:42:16.301564 duration_in_ms=6.0 # [INFO ] Running state [virtuoso-minimal] at time 14:42:16.301740 # [INFO ] Executing state pkg.installed for [virtuoso-minimal] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package virtuoso-minimal is already installed # [INFO ] Completed state [virtuoso-minimal] at time 14:42:16.306727 duration_in_ms=4.987 # [INFO ] Running state [vmfs-tools] at time 14:42:16.306873 # [INFO ] Executing state pkg.installed for [vmfs-tools] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package vmfs-tools is already installed # [INFO ] Completed state [vmfs-tools] at time 14:42:16.312521 duration_in_ms=5.648 # [INFO ] Running state [winbind] at time 14:42:16.312680 # [INFO ] Executing state pkg.installed for [winbind] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package winbind is already installed # [INFO ] Completed state [winbind] at time 14:42:16.318199 duration_in_ms=5.519 # [INFO ] Running state [dpkg --add-architecture i386] at time 14:42:16.318367 # [INFO ] Executing state cmd.run for [dpkg --add-architecture i386] # [INFO ] Executing command 'dpkg --print-foreign-architectures | grep i386' in directory '/home/sansforensics' # [DEBUG ] output: i386 # [DEBUG ] Last command return code: 0 # [INFO ] unless execution succeeded # [INFO ] Completed state [dpkg --add-architecture i386] at time 14:42:16.404956 duration_in_ms=86.589 # [INFO ] Running state [sift-wine-apt-update] at time 14:42:16.407840 # [INFO ] Executing state pkg.uptodate for [sift-wine-apt-update] # [INFO ] Executing command ['apt-get', '-q', 'update'] in directory '/home/sansforensics' # [INFO ] Executing command ['apt-get', '--just-print', 'dist-upgrade'] in directory '/home/sansforensics' # [INFO ] System is already up-to-date # [INFO ] Completed state [sift-wine-apt-update] at time 14:42:29.591357 duration_in_ms=13183.525 # [INFO ] Running state [wine] at time 14:42:29.594294 # [INFO ] Executing state pkg.installed for [wine] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package wine is already installed # [INFO ] Completed state [wine] at time 14:42:29.600301 duration_in_ms=6.007 # [INFO ] Running state [wireshark] at time 14:42:29.600452 # [INFO ] Executing state pkg.installed for [wireshark] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package wireshark is already installed # [INFO ] Completed state [wireshark] at time 14:42:29.605659 duration_in_ms=5.206 # [INFO ] Running state [xdot] at time 14:42:29.605831 # [INFO ] Executing state pkg.installed for [xdot] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package xdot is already installed # [INFO ] Completed state [xdot] at time 14:42:29.611225 duration_in_ms=5.394 # [INFO ] Running state [xfsprogs] at time 14:42:29.611431 # [INFO ] Executing state pkg.installed for [xfsprogs] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package xfsprogs is already installed # [INFO ] Completed state [xfsprogs] at time 14:42:29.616774 duration_in_ms=5.343 # [INFO ] Running state [xmount] at time 14:42:29.616910 # [INFO ] Executing state pkg.installed for [xmount] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package xmount is already installed # [INFO ] Completed state [xmount] at time 14:42:29.622885 duration_in_ms=5.975 # [INFO ] Running state [xpdf] at time 14:42:29.623082 # [INFO ] Executing state pkg.installed for [xpdf] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package xpdf is already installed # [INFO ] Completed state [xpdf] at time 14:42:29.629342 duration_in_ms=6.26 # [INFO ] Running state [zenity] at time 14:42:29.629510 # [INFO ] Executing state pkg.installed for [zenity] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package zenity is already installed # [INFO ] Completed state [zenity] at time 14:42:29.635353 duration_in_ms=5.843 # [INFO ] Running state [analyzemft] at time 14:42:29.885959 # [INFO ] Executing state pip.installed for [analyzemft] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package analyzemft was already installed All packages were successfully installed # [INFO ] Completed state [analyzemft] at time 14:42:31.913963 duration_in_ms=2028.004 # [INFO ] Running state [argparse] at time 14:42:31.917348 # [INFO ] Executing state pip.installed for [argparse] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install', 'argparse'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install', 'argparse'] in directory '/home/sansforensics' # [DEBUG ] stdout: Requirement already satisfied: argparse in /usr/lib/python2.7 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] There was no error installing package 'argparse' although it does not show when calling 'pip.freeze'. # [INFO ] Completed state [argparse] at time 14:42:35.112484 duration_in_ms=3195.135 # [INFO ] Running state [bitstring] at time 14:42:35.117778 # [INFO ] Executing state pip.installed for [bitstring] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package bitstring was already installed All packages were successfully installed # [INFO ] Completed state [bitstring] at time 14:42:37.005017 duration_in_ms=1887.239 # [INFO ] Running state [docopt] at time 14:42:37.005514 # [INFO ] Executing state pip.installed for [docopt] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package docopt was already installed All packages were successfully installed # [INFO ] Completed state [docopt] at time 14:42:38.967936 duration_in_ms=1962.42 # [INFO ] Running state [geoip2] at time 14:42:38.972210 # [INFO ] Executing state pip.installed for [geoip2] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package geoip2 was already installed All packages were successfully installed # [INFO ] Completed state [geoip2] at time 14:42:40.948606 duration_in_ms=1976.396 # [INFO ] Running state [pip] at time 14:42:40.951392 # [INFO ] Executing state pip.installed for [pip] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'pip'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'pip'] in directory '/home/sansforensics' # [DEBUG ] stdout: Requirement already up-to-date: pip in /usr/local/lib/python2.7/dist-packages # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] All packages were successfully installed # [INFO ] Completed state [pip] at time 14:42:45.178028 duration_in_ms=4226.635 # [INFO ] Running state [python-dateutil >= 2.4.2] at time 14:42:45.181237 # [INFO ] Executing state pip.installed for [python-dateutil >= 2.4.2] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package python-dateutil >= 2.4.2 was already installed All packages were successfully installed # [INFO ] Completed state [python-dateutil >= 2.4.2] at time 14:42:47.701259 duration_in_ms=2520.019 # [INFO ] Running state [python-evtx] at time 14:42:47.706583 # [INFO ] Executing state pip.installed for [python-evtx] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package python-evtx was already installed All packages were successfully installed # [INFO ] Completed state [python-evtx] at time 14:42:49.558118 duration_in_ms=1851.535 # [INFO ] Running state [python-magic] at time 14:42:49.561921 # [INFO ] Executing state pip.installed for [python-magic] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package python-magic was already installed All packages were successfully installed # [INFO ] Completed state [python-magic] at time 14:42:51.511292 duration_in_ms=1949.37 # [INFO ] Running state [python-registry] at time 14:42:51.514002 # [INFO ] Executing state pip.installed for [python-registry] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package python-registry was already installed All packages were successfully installed # [INFO ] Completed state [python-registry] at time 14:42:53.386019 duration_in_ms=1872.013 # [INFO ] Running state [setuptools] at time 14:42:53.396008 # [INFO ] Executing state pip.installed for [setuptools] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'setuptools'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'setuptools'] in directory '/home/sansforensics' # [DEBUG ] stdout: Requirement already up-to-date: setuptools in /usr/local/lib/python2.7/dist-packages # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] All packages were successfully installed # [INFO ] Completed state [setuptools] at time 14:42:57.045200 duration_in_ms=3649.194 # [INFO ] Running state [wheel] at time 14:42:57.048006 # [INFO ] Executing state pip.installed for [wheel] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'wheel'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'wheel'] in directory '/home/sansforensics' # [DEBUG ] stdout: Requirement already up-to-date: wheel in /usr/lib/python2.7/dist-packages # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] All packages were successfully installed # [INFO ] Completed state [wheel] at time 14:43:00.294507 duration_in_ms=3246.5 # [INFO ] Running state [/opt/rekall] at time 14:43:00.298993 # [INFO ] Executing state virtualenv.managed for [/opt/rekall] # [INFO ] Executing command '/opt/rekall/bin/pip --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /opt/rekall/local/lib/python2.7/site-packages (python 2.7) # [INFO ] Executing command ['/opt/rekall/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: acora==2.0 aff4-snappy==0.5 arrow==0.7.0 artifacts==20160114 backports.shutil-get-terminal-size==1.0.0 decorator==4.0.11 efilter==1!1.3 enum34==1.1.6 html5lib==0.999999999 intervaltree==2.1.0 ipaddr==2.1.11 ipython==5.4.1 ipython-genutils==0.2.0 isodate==0.5.4 pathlib2==2.3.0 pexpect==4.2.1 pickleshare==0.7.4 pip==9.0.1 pkg-resources==0.0.0 prompt-toolkit==1.0.14 psutil==4.4.2 ptyprocess==0.5.2 pyaff4==0.24.post3 pycrypto==2.6.1 pyelftools==0.24 Pygments==2.2.0 pyparsing==2.1.5 python-dateutil==2.5.3 pytsk3==20160721 pytz==2016.4 PyYAML==3.11 rdflib==4.2.1 readline==6.2.4.1 rekall==1.6.0 rekall-capstone==3.0.4.post2 rekall-core==1.6.0 rekall-yara==3.4.0.1 scandir==1.5 setuptools==36.0.1 simplegeneric==0.8.1 six==1.10.0 sortedcontainers==1.4.4 SPARQLWrapper==1.8.0 traitlets==4.3.2 wcwidth==0.1.7 webencodings==0.5.1 wheel==0.30.0a0 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/opt/rekall/bin/pip', 'install', 'pip', 'setuptools', 'wheel', 'rekall'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base', 'env': {'VIRTUAL_ENV': '/opt/rekall'}} # [INFO ] Executing command ['/opt/rekall/bin/pip', 'install', 'pip', 'setuptools', 'wheel', 'rekall'] in directory '/home/sansforensics' # [DEBUG ] stdout: Requirement already satisfied: pip in /opt/rekall/lib/python2.7/site-packages Requirement already satisfied: setuptools in /opt/rekall/lib/python2.7/site-packages Requirement already satisfied: wheel in /opt/rekall/lib/python2.7/site-packages Requirement already satisfied: rekall in /opt/rekall/lib/python2.7/site-packages Requirement already satisfied: ipython<6.0,>=5.0.0 in /opt/rekall/lib/python2.7/site-packages (from rekall) Requirement already satisfied: readline; sys_platform != "win32" in /opt/rekall/lib/python2.7/site-packages (from rekall) Requirement already satisfied: rekall-core>=1.5.0 in /opt/rekall/lib/python2.7/site-packages (from rekall) Requirement already satisfied: pickleshare in /opt/rekall/lib/python2.7/site-packages (from ipython<6.0,>=5.0.0->rekall) Requirement already satisfied: simplegeneric>0.8 in /opt/rekall/lib/python2.7/site-packages (from ipython<6.0,>=5.0.0->rekall) Requirement already satisfied: traitlets>=4.2 in /opt/rekall/lib/python2.7/site-packages (from ipython<6.0,>=5.0.0->rekall) Requirement already satisfied: backports.shutil-get-terminal-size; python_version == "2.7" in /opt/rekall/lib/python2.7/site-packages (from ipython<6.0,>=5.0.0->rekall) Requirement already satisfied: decorator in /opt/rekall/lib/python2.7/site-packages (from ipython<6.0,>=5.0.0->rekall) Requirement already satisfied: pygments in /opt/rekall/lib/python2.7/site-packages (from ipython<6.0,>=5.0.0->rekall) Requirement already satisfied: pexpect; sys_platform != "win32" in /opt/rekall/lib/python2.7/site-packages (from ipython<6.0,>=5.0.0->rekall) Requirement already satisfied: pathlib2; python_version == "2.7" or python_version == "3.3" in /opt/rekall/lib/python2.7/site-packages (from ipython<6.0,>=5.0.0->rekall) Requirement already satisfied: prompt-toolkit<2.0.0,>=1.0.4 in /opt/rekall/lib/python2.7/site-packages (from ipython<6.0,>=5.0.0->rekall) Requirement already satisfied: psutil<5.0,>=4.0 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: pytsk3==20160721 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: pyelftools==0.24 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: intervaltree==2.1.0 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: python-dateutil==2.5.3 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: acora==2.0 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: PyYAML==3.11 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: ipaddr==2.1.11 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: artifacts==20160114 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: pycrypto==2.6.1 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: pytz==2016.4 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: rekall-capstone==3.0.4.post2 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: efilter==1!1.3 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: pyaff4<0.30,>=0.24 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: rekall-yara==3.4.0.1 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: pyparsing==2.1.5 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: arrow==0.7.0 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: sortedcontainers==1.4.4 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: enum34; python_version == "2.7" in /opt/rekall/lib/python2.7/site-packages (from traitlets>=4.2->ipython<6.0,>=5.0.0->rekall) Requirement already satisfied: six in /opt/rekall/lib/python2.7/site-packages (from traitlets>=4.2->ipython<6.0,>=5.0.0->rekall) Requirement already satisfied: ipython-genutils in /opt/rekall/lib/python2.7/site-packages (from traitlets>=4.2->ipython<6.0,>=5.0.0->rekall) Requirement already satisfied: ptyprocess>=0.5 in /opt/rekall/lib/python2.7/site-packages (from pexpect; sys_platform != "win32"->ipython<6.0,>=5.0.0->rekall) Requirement already satisfied: scandir; python_version < "3.5" in /opt/rekall/lib/python2.7/site-packages (from pathlib2; python_version == "2.7" or python_version == "3.3"->ipython<6.0,>=5.0.0->rekall) Requirement already satisfied: wcwidth in /opt/rekall/lib/python2.7/site-packages (from prompt-toolkit<2.0.0,>=1.0.4->ipython<6.0,>=5.0.0->rekall) Requirement already satisfied: aff4-snappy==0.5 in /opt/rekall/lib/python2.7/site-packages (from pyaff4<0.30,>=0.24->rekall-core>=1.5.0->rekall) Requirement already satisfied: rdflib==4.2.1 in /opt/rekall/lib/python2.7/site-packages (from pyaff4<0.30,>=0.24->rekall-core>=1.5.0->rekall) Requirement already satisfied: isodate in /opt/rekall/lib/python2.7/site-packages (from rdflib==4.2.1->pyaff4<0.30,>=0.24->rekall-core>=1.5.0->rekall) Requirement already satisfied: SPARQLWrapper in /opt/rekall/lib/python2.7/site-packages (from rdflib==4.2.1->pyaff4<0.30,>=0.24->rekall-core>=1.5.0->rekall) Requirement already satisfied: html5lib in /opt/rekall/lib/python2.7/site-packages (from rdflib==4.2.1->pyaff4<0.30,>=0.24->rekall-core>=1.5.0->rekall) Requirement already satisfied: webencodings in /opt/rekall/lib/python2.7/site-packages (from html5lib->rdflib==4.2.1->pyaff4<0.30,>=0.24->rekall-core>=1.5.0->rekall) # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] Executing command '/opt/rekall/bin/pip --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /opt/rekall/local/lib/python2.7/site-packages (python 2.7) # [INFO ] Executing command ['/opt/rekall/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: acora==2.0 aff4-snappy==0.5 arrow==0.7.0 artifacts==20160114 backports.shutil-get-terminal-size==1.0.0 decorator==4.0.11 efilter==1!1.3 enum34==1.1.6 html5lib==0.999999999 intervaltree==2.1.0 ipaddr==2.1.11 ipython==5.4.1 ipython-genutils==0.2.0 isodate==0.5.4 pathlib2==2.3.0 pexpect==4.2.1 pickleshare==0.7.4 pip==9.0.1 pkg-resources==0.0.0 prompt-toolkit==1.0.14 psutil==4.4.2 ptyprocess==0.5.2 pyaff4==0.24.post3 pycrypto==2.6.1 pyelftools==0.24 Pygments==2.2.0 pyparsing==2.1.5 python-dateutil==2.5.3 pytsk3==20160721 pytz==2016.4 PyYAML==3.11 rdflib==4.2.1 readline==6.2.4.1 rekall==1.6.0 rekall-capstone==3.0.4.post2 rekall-core==1.6.0 rekall-yara==3.4.0.1 scandir==1.5 setuptools==36.0.1 simplegeneric==0.8.1 six==1.10.0 sortedcontainers==1.4.4 SPARQLWrapper==1.8.0 traitlets==4.3.2 wcwidth==0.1.7 webencodings==0.5.1 wheel==0.30.0a0 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] virtualenv exists # [INFO ] Completed state [/opt/rekall] at time 14:43:02.811665 duration_in_ms=2512.672 # [INFO ] Running state [rekall] at time 14:43:02.825697 # [INFO ] Executing state pip.installed for [rekall] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/opt/rekall/bin/pip --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /opt/rekall/local/lib/python2.7/site-packages (python 2.7) # [INFO ] Executing command ['/opt/rekall/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: acora==2.0 aff4-snappy==0.5 arrow==0.7.0 artifacts==20160114 backports.shutil-get-terminal-size==1.0.0 decorator==4.0.11 efilter==1!1.3 enum34==1.1.6 html5lib==0.999999999 intervaltree==2.1.0 ipaddr==2.1.11 ipython==5.4.1 ipython-genutils==0.2.0 isodate==0.5.4 pathlib2==2.3.0 pexpect==4.2.1 pickleshare==0.7.4 pip==9.0.1 pkg-resources==0.0.0 prompt-toolkit==1.0.14 psutil==4.4.2 ptyprocess==0.5.2 pyaff4==0.24.post3 pycrypto==2.6.1 pyelftools==0.24 Pygments==2.2.0 pyparsing==2.1.5 python-dateutil==2.5.3 pytsk3==20160721 pytz==2016.4 PyYAML==3.11 rdflib==4.2.1 readline==6.2.4.1 rekall==1.6.0 rekall-capstone==3.0.4.post2 rekall-core==1.6.0 rekall-yara==3.4.0.1 scandir==1.5 setuptools==36.0.1 simplegeneric==0.8.1 six==1.10.0 sortedcontainers==1.4.4 SPARQLWrapper==1.8.0 traitlets==4.3.2 wcwidth==0.1.7 webencodings==0.5.1 wheel==0.30.0a0 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/opt/rekall/bin/pip', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base', 'env': {'VIRTUAL_ENV': '/opt/rekall'}} # [INFO ] Executing command ['/opt/rekall/bin/pip', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package rekall was already installed All packages were successfully installed # [INFO ] Completed state [rekall] at time 14:43:04.251740 duration_in_ms=1426.042 # [INFO ] Running state [six] at time 14:43:04.254497 # [INFO ] Executing state pip.installed for [six] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package six was already installed All packages were successfully installed # [INFO ] Completed state [six] at time 14:43:06.260174 duration_in_ms=2005.676 # [INFO ] Running state [stix] at time 14:43:06.267549 # [INFO ] Executing state pip.installed for [stix] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package stix was already installed All packages were successfully installed # [INFO ] Completed state [stix] at time 14:43:08.237219 duration_in_ms=1969.669 # [INFO ] Running state [stix-validator] at time 14:43:08.243807 # [INFO ] Executing state pip.installed for [stix-validator] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package stix-validator was already installed All packages were successfully installed # [INFO ] Completed state [stix-validator] at time 14:43:10.176220 duration_in_ms=1932.412 # [INFO ] Running state [timesketch] at time 14:43:10.185864 # [INFO ] Executing state pip.installed for [timesketch] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package timesketch was already installed All packages were successfully installed # [INFO ] Completed state [timesketch] at time 14:43:12.077573 duration_in_ms=1891.707 # [INFO ] Running state [unicodecsv] at time 14:43:12.083028 # [INFO ] Executing state pip.installed for [unicodecsv] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package unicodecsv was already installed All packages were successfully installed # [INFO ] Completed state [unicodecsv] at time 14:43:13.939666 duration_in_ms=1856.638 # [INFO ] Running state [usnparser] at time 14:43:13.944000 # [INFO ] Executing state pip.installed for [usnparser] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package usnparser was already installed All packages were successfully installed # [INFO ] Completed state [usnparser] at time 14:43:15.888075 duration_in_ms=1944.075 # [INFO ] Running state [virustotal-api] at time 14:43:15.889988 # [INFO ] Executing state pip.installed for [virustotal-api] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package virustotal-api was already installed All packages were successfully installed # [INFO ] Completed state [virustotal-api] at time 14:43:17.864967 duration_in_ms=1974.977 # [INFO ] Running state [windowsprefetch] at time 14:43:17.870242 # [INFO ] Executing state pip.installed for [windowsprefetch] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package windowsprefetch was already installed All packages were successfully installed # [INFO ] Completed state [windowsprefetch] at time 14:43:19.870312 duration_in_ms=2000.07 # [INFO ] Running state [sift-python-packages] at time 14:43:19.928997 # [INFO ] Executing state test.nop for [sift-python-packages] # [INFO ] Success! # [INFO ] Completed state [sift-python-packages] at time 14:43:19.929774 duration_in_ms=0.777 # [INFO ] Running state [/usr/local/src/densityscout/densityscout_build_45_linux] at time 14:43:19.929969 # [INFO ] Executing state archive.extracted for [/usr/local/src/densityscout/densityscout_build_45_linux] # [DEBUG ] Requesting URL http://cert.at/static/downloads/software/densityscout/densityscout_build_45_linux.zip using GET method # [DEBUG ] file.managed: {'comment': 'File /var/cache/salt/minion/files/base/_static_downloads_software_densityscout_densityscout_build_45_linux.zip updated', 'pchanges': {}, 'changes': {'diff': 'New file', 'mode': '0644'}, 'name': '/var/cache/salt/minion/files/base/_static_downloads_software_densityscout_densityscout_build_45_linux.zip', 'result': True} # [DEBUG ] Checking http://cert.at/static/downloads/software/densityscout/densityscout_build_45_linux.zip to see if it is password-protected # [DEBUG ] Cleaning cached source file /var/cache/salt/minion/files/base/_static_downloads_software_densityscout_densityscout_build_45_linux.zip # [INFO ] /usr/local/bin/densityscout-build-45 exists # [INFO ] Completed state [/usr/local/src/densityscout/densityscout_build_45_linux] at time 14:43:20.280553 duration_in_ms=350.581 # [INFO ] Running state [/usr/local/bin/densityscout-build-45] at time 14:43:20.289978 # [INFO ] Executing state file.copy for [/usr/local/bin/densityscout-build-45] # [INFO ] The target file "/usr/local/bin/densityscout-build-45" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/densityscout-build-45] at time 14:43:20.293492 duration_in_ms=3.513 # [INFO ] Running state [/usr/local/bin/densityscout] at time 14:43:20.302823 # [INFO ] Executing state file.symlink for [/usr/local/bin/densityscout] # [INFO ] Symlink /usr/local/bin/densityscout is present and owned by root:root # [INFO ] Completed state [/usr/local/bin/densityscout] at time 14:43:20.306385 duration_in_ms=3.561 # [INFO ] Running state [/usr/local/bin/sift] at time 14:43:20.307154 # [INFO ] Executing state file.managed for [/usr/local/bin/sift] # [DEBUG ] Requesting URL https://github.com/sans-dfir/sift-cli/releases/download/v1.5.1/sift-cli-linux using GET method # [INFO ] File /usr/local/bin/sift is in the correct state # [INFO ] Completed state [/usr/local/bin/sift] at time 14:43:36.847328 duration_in_ms=16540.175 # [INFO ] Running state [sift-tools] at time 14:43:36.850498 # [INFO ] Executing state test.nop for [sift-tools] # [INFO ] Success! # [INFO ] Completed state [sift-tools] at time 14:43:36.851069 duration_in_ms=0.572 # [INFO ] Running state [https://github.com/cheeky4n6monkey/4n6-scripts.git] at time 14:43:36.855389 # [INFO ] Executing state git.latest for [https://github.com/cheeky4n6monkey/4n6-scripts.git] # [INFO ] Checking remote revision for https://github.com/cheeky4n6monkey/4n6-scripts.git # [INFO ] Executing command ['git', 'ls-remote', 'https://github.com/cheeky4n6monkey/4n6-scripts.git'] as user 'root' in directory '/root' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: 0e19ada8e4334d18af095cc271a12b71b2baa3d1 HEAD 0e19ada8e4334d18af095cc271a12b71b2baa3d1 refs/heads/master 15d4884838e40a41ae2dc046e46cf9e823f65156 refs/pull/1/head # [INFO ] Executing command ['git', 'for-each-ref', '--format', '%(refname:short)', 'refs/heads/'] as user 'root' in directory '/usr/local/src/4n6-scripts' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: master # [INFO ] Executing command ['git', 'for-each-ref', '--format', '%(refname:short)', 'refs/tags/'] as user 'root' in directory '/usr/local/src/4n6-scripts' mesg: ttyname failed: Inappropriate ioctl for device # [INFO ] Checking local revision for /usr/local/src/4n6-scripts # [INFO ] Executing command ['git', 'rev-parse', 'HEAD'] as user 'root' in directory '/usr/local/src/4n6-scripts' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: 0e19ada8e4334d18af095cc271a12b71b2baa3d1 # [INFO ] Checking local branch for /usr/local/src/4n6-scripts # [INFO ] Executing command ['git', 'rev-parse', '--abbrev-ref', 'HEAD'] as user 'root' in directory '/usr/local/src/4n6-scripts' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: master # [INFO ] Executing command ['git', 'remote', '--verbose'] as user 'root' in directory '/usr/local/src/4n6-scripts' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: origin https://github.com/cheeky4n6monkey/4n6-scripts.git (fetch) origin https://github.com/cheeky4n6monkey/4n6-scripts.git (push) # [INFO ] Executing command ['git', 'diff', 'HEAD'] as user 'root' in directory '/usr/local/src/4n6-scripts' mesg: ttyname failed: Inappropriate ioctl for device # [INFO ] Executing command ['git', 'rev-parse', '0e19ada8e4334d18af095cc271a12b71b2baa3d1^{commit}'] as user 'root' in directory '/usr/local/src/4n6-scripts' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: 0e19ada8e4334d18af095cc271a12b71b2baa3d1 # [INFO ] Executing command ['git', 'rev-parse', 'origin/master'] as user 'root' in directory '/usr/local/src/4n6-scripts' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: 0e19ada8e4334d18af095cc271a12b71b2baa3d1 # [INFO ] Executing command ['git', 'merge-base', '--is-ancestor', '0e19ada8e4334d18af095cc271a12b71b2baa3d1', '0e19ada8e4334d18af095cc271a12b71b2baa3d1'] as user 'root' in directory '/usr/local/src/4n6-scripts' mesg: ttyname failed: Inappropriate ioctl for device # [INFO ] Executing command ['git', 'rev-parse', '--abbrev-ref', 'master@{upstream}'] as user 'root' in directory '/usr/local/src/4n6-scripts' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: origin/master # [INFO ] Executing command ['git', 'rev-parse', 'HEAD'] as user 'root' in directory '/usr/local/src/4n6-scripts' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: 0e19ada8e4334d18af095cc271a12b71b2baa3d1 # [INFO ] Repository /usr/local/src/4n6-scripts is up-to-date # [INFO ] Completed state [https://github.com/cheeky4n6monkey/4n6-scripts.git] at time 14:43:39.280541 duration_in_ms=2425.151 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/WP8_AppPerms.py] at time 14:43:39.288358 # [INFO ] Executing state file.copy for [/usr/local/bin/WP8_AppPerms.py] # [INFO ] The target file "/usr/local/bin/WP8_AppPerms.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/WP8_AppPerms.py] at time 14:43:39.290638 duration_in_ms=2.28 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/bing-bar-parser.pl] at time 14:43:39.297348 # [INFO ] Executing state file.copy for [/usr/local/bin/bing-bar-parser.pl] # [INFO ] The target file "/usr/local/bin/bing-bar-parser.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/bing-bar-parser.pl] at time 14:43:39.298774 duration_in_ms=1.426 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/chunkymonkey.py] at time 14:43:39.306100 # [INFO ] Executing state file.copy for [/usr/local/bin/chunkymonkey.py] # [INFO ] The target file "/usr/local/bin/chunkymonkey.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/chunkymonkey.py] at time 14:43:39.307444 duration_in_ms=1.343 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/dextract.def] at time 14:43:39.312687 # [INFO ] Executing state file.copy for [/usr/local/bin/dextract.def] # [INFO ] The target file "/usr/local/bin/dextract.def" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/dextract.def] at time 14:43:39.314223 duration_in_ms=1.536 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/dextract.py] at time 14:43:39.319680 # [INFO ] Executing state file.copy for [/usr/local/bin/dextract.py] # [INFO ] The target file "/usr/local/bin/dextract.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/dextract.py] at time 14:43:39.321728 duration_in_ms=2.048 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/docx-font-extractor.pl] at time 14:43:39.327347 # [INFO ] Executing state file.copy for [/usr/local/bin/docx-font-extractor.pl] # [INFO ] The target file "/usr/local/bin/docx-font-extractor.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/docx-font-extractor.pl] at time 14:43:39.328723 duration_in_ms=1.377 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/exif2map.pl] at time 14:43:39.333908 # [INFO ] Executing state file.copy for [/usr/local/bin/exif2map.pl] # [INFO ] The target file "/usr/local/bin/exif2map.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/exif2map.pl] at time 14:43:39.335158 duration_in_ms=1.25 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/fbmsg-extractor.py] at time 14:43:39.340403 # [INFO ] Executing state file.copy for [/usr/local/bin/fbmsg-extractor.py] # [INFO ] The target file "/usr/local/bin/fbmsg-extractor.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/fbmsg-extractor.py] at time 14:43:39.341606 duration_in_ms=1.203 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/gis4cookie.pl] at time 14:43:39.346293 # [INFO ] Executing state file.copy for [/usr/local/bin/gis4cookie.pl] # [INFO ] The target file "/usr/local/bin/gis4cookie.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/gis4cookie.pl] at time 14:43:39.347308 duration_in_ms=1.015 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/google-ei-time.py] at time 14:43:39.352029 # [INFO ] Executing state file.copy for [/usr/local/bin/google-ei-time.py] # [INFO ] The target file "/usr/local/bin/google-ei-time.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/google-ei-time.py] at time 14:43:39.353391 duration_in_ms=1.362 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/imgcache-parse-mod.py] at time 14:43:39.359587 # [INFO ] Executing state file.copy for [/usr/local/bin/imgcache-parse-mod.py] # [INFO ] The target file "/usr/local/bin/imgcache-parse-mod.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/imgcache-parse-mod.py] at time 14:43:39.360818 duration_in_ms=1.232 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/imgcache-parse.py] at time 14:43:39.366224 # [INFO ] Executing state file.copy for [/usr/local/bin/imgcache-parse.py] # [INFO ] The target file "/usr/local/bin/imgcache-parse.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/imgcache-parse.py] at time 14:43:39.367693 duration_in_ms=1.47 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/json-printer.pl] at time 14:43:39.373197 # [INFO ] Executing state file.copy for [/usr/local/bin/json-printer.pl] # [INFO ] The target file "/usr/local/bin/json-printer.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/json-printer.pl] at time 14:43:39.374830 duration_in_ms=1.634 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/msoffice-pic-extractor.py] at time 14:43:39.380027 # [INFO ] Executing state file.copy for [/usr/local/bin/msoffice-pic-extractor.py] # [INFO ] The target file "/usr/local/bin/msoffice-pic-extractor.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/msoffice-pic-extractor.py] at time 14:43:39.381256 duration_in_ms=1.229 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/plist2db.py] at time 14:43:39.386151 # [INFO ] Executing state file.copy for [/usr/local/bin/plist2db.py] # [INFO ] The target file "/usr/local/bin/plist2db.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/plist2db.py] at time 14:43:39.387359 duration_in_ms=1.208 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/print_apk_perms.py] at time 14:43:39.392566 # [INFO ] Executing state file.copy for [/usr/local/bin/print_apk_perms.py] # [INFO ] The target file "/usr/local/bin/print_apk_perms.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/print_apk_perms.py] at time 14:43:39.393592 duration_in_ms=1.026 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/s2-cellid2latlong.py] at time 14:43:39.398633 # [INFO ] Executing state file.copy for [/usr/local/bin/s2-cellid2latlong.py] # [INFO ] The target file "/usr/local/bin/s2-cellid2latlong.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/s2-cellid2latlong.py] at time 14:43:39.400318 duration_in_ms=1.685 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/s2-latlong2cellid.py] at time 14:43:39.405786 # [INFO ] Executing state file.copy for [/usr/local/bin/s2-latlong2cellid.py] # [INFO ] The target file "/usr/local/bin/s2-latlong2cellid.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/s2-latlong2cellid.py] at time 14:43:39.407335 duration_in_ms=1.55 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/sms-grep-sample-config.txt] at time 14:43:39.413051 # [INFO ] Executing state file.copy for [/usr/local/bin/sms-grep-sample-config.txt] # [INFO ] The target file "/usr/local/bin/sms-grep-sample-config.txt" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/sms-grep-sample-config.txt] at time 14:43:39.414290 duration_in_ms=1.24 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/sms-grep.pl] at time 14:43:39.419402 # [INFO ] Executing state file.copy for [/usr/local/bin/sms-grep.pl] # [INFO ] The target file "/usr/local/bin/sms-grep.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/sms-grep.pl] at time 14:43:39.420799 duration_in_ms=1.397 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/sqlite-base64-decode.py] at time 14:43:39.425969 # [INFO ] Executing state file.copy for [/usr/local/bin/sqlite-base64-decode.py] # [INFO ] The target file "/usr/local/bin/sqlite-base64-decode.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/sqlite-base64-decode.py] at time 14:43:39.427185 duration_in_ms=1.216 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/sqlite-blob-dumper.py] at time 14:43:39.431970 # [INFO ] Executing state file.copy for [/usr/local/bin/sqlite-blob-dumper.py] # [INFO ] The target file "/usr/local/bin/sqlite-blob-dumper.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/sqlite-blob-dumper.py] at time 14:43:39.433002 duration_in_ms=1.032 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/sqlite-parser.pl] at time 14:43:39.438069 # [INFO ] Executing state file.copy for [/usr/local/bin/sqlite-parser.pl] # [INFO ] The target file "/usr/local/bin/sqlite-parser.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/sqlite-parser.pl] at time 14:43:39.439309 duration_in_ms=1.24 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/squirrelgripper-README.txt] at time 14:43:39.444978 # [INFO ] Executing state file.copy for [/usr/local/bin/squirrelgripper-README.txt] # [INFO ] The target file "/usr/local/bin/squirrelgripper-README.txt" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/squirrelgripper-README.txt] at time 14:43:39.446298 duration_in_ms=1.32 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/squirrelgripper.pl] at time 14:43:39.451869 # [INFO ] Executing state file.copy for [/usr/local/bin/squirrelgripper.pl] # [INFO ] The target file "/usr/local/bin/squirrelgripper.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/squirrelgripper.pl] at time 14:43:39.453313 duration_in_ms=1.445 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/timediff32.pl] at time 14:43:39.458702 # [INFO ] Executing state file.copy for [/usr/local/bin/timediff32.pl] # [INFO ] The target file "/usr/local/bin/timediff32.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/timediff32.pl] at time 14:43:39.459928 duration_in_ms=1.227 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/vmail-db-2-html.pl] at time 14:43:39.465260 # [INFO ] Executing state file.copy for [/usr/local/bin/vmail-db-2-html.pl] # [INFO ] The target file "/usr/local/bin/vmail-db-2-html.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/vmail-db-2-html.pl] at time 14:43:39.466455 duration_in_ms=1.195 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/wp8-1-callhistory.py] at time 14:43:39.471530 # [INFO ] Executing state file.copy for [/usr/local/bin/wp8-1-callhistory.py] # [INFO ] The target file "/usr/local/bin/wp8-1-callhistory.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/wp8-1-callhistory.py] at time 14:43:39.472724 duration_in_ms=1.195 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/wp8-1-contacts.py] at time 14:43:39.477538 # [INFO ] Executing state file.copy for [/usr/local/bin/wp8-1-contacts.py] # [INFO ] The target file "/usr/local/bin/wp8-1-contacts.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/wp8-1-contacts.py] at time 14:43:39.478706 duration_in_ms=1.167 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/wp8-1-mms-filesort.py] at time 14:43:39.483459 # [INFO ] Executing state file.copy for [/usr/local/bin/wp8-1-mms-filesort.py] # [INFO ] The target file "/usr/local/bin/wp8-1-mms-filesort.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/wp8-1-mms-filesort.py] at time 14:43:39.484615 duration_in_ms=1.156 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/wp8-1-mms.py] at time 14:43:39.490258 # [INFO ] Executing state file.copy for [/usr/local/bin/wp8-1-mms.py] # [INFO ] The target file "/usr/local/bin/wp8-1-mms.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/wp8-1-mms.py] at time 14:43:39.491482 duration_in_ms=1.224 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/wp8-1-sms.py] at time 14:43:39.497252 # [INFO ] Executing state file.copy for [/usr/local/bin/wp8-1-sms.py] # [INFO ] The target file "/usr/local/bin/wp8-1-sms.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/wp8-1-sms.py] at time 14:43:39.498647 duration_in_ms=1.396 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/wp8-callhistory.py] at time 14:43:39.504034 # [INFO ] Executing state file.copy for [/usr/local/bin/wp8-callhistory.py] # [INFO ] The target file "/usr/local/bin/wp8-callhistory.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/wp8-callhistory.py] at time 14:43:39.505325 duration_in_ms=1.291 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/wp8-contacts.py] at time 14:43:39.510512 # [INFO ] Executing state file.copy for [/usr/local/bin/wp8-contacts.py] # [INFO ] The target file "/usr/local/bin/wp8-contacts.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/wp8-contacts.py] at time 14:43:39.511766 duration_in_ms=1.254 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/wp8-fb-msg.py] at time 14:43:39.517603 # [INFO ] Executing state file.copy for [/usr/local/bin/wp8-fb-msg.py] # [INFO ] The target file "/usr/local/bin/wp8-fb-msg.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/wp8-fb-msg.py] at time 14:43:39.518668 duration_in_ms=1.065 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/wp8-sha256-pin-finder.py] at time 14:43:39.523824 # [INFO ] Executing state file.copy for [/usr/local/bin/wp8-sha256-pin-finder.py] # [INFO ] The target file "/usr/local/bin/wp8-sha256-pin-finder.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/wp8-sha256-pin-finder.py] at time 14:43:39.524983 duration_in_ms=1.159 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/wp8-sms.py] at time 14:43:39.529917 # [INFO ] Executing state file.copy for [/usr/local/bin/wp8-sms.py] # [INFO ] The target file "/usr/local/bin/wp8-sms.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/wp8-sms.py] at time 14:43:39.531619 duration_in_ms=1.702 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/wwf-chat-parser.py] at time 14:43:39.537068 # [INFO ] Executing state file.copy for [/usr/local/bin/wwf-chat-parser.py] # [INFO ] The target file "/usr/local/bin/wwf-chat-parser.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/wwf-chat-parser.py] at time 14:43:39.538503 duration_in_ms=1.435 # [INFO ] Running state [/usr/local/bin/amcache.py] at time 14:43:39.538713 # [INFO ] Executing state file.managed for [/usr/local/bin/amcache.py] # [DEBUG ] Requesting URL https://raw.githubusercontent.com/williballenthin/python-registry/1a669eada6f7933798751e0cf482a9eb654c739b/samples/amcache.py using GET method # [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#!/usr/bin/env python +#!/usr/bin/python # This file is part of python-registry. # # Copyright 2015 Will Ballenthin # [DEBUG ] Refreshing modules... # [INFO ] Loading fresh modules for state activity # [DEBUG ] LazyLoaded jinja.render # [DEBUG ] LazyLoaded yaml.render # [INFO ] Completed state [/usr/local/bin/amcache.py] at time 14:43:40.223962 duration_in_ms=685.248 # [DEBUG ] LazyLoaded config.option # [DEBUG ] LazyLoaded file.replace # [DEBUG ] Module DSC: Only available on Windows systems # [DEBUG ] Module PSGet: Only available on Windows systems # [DEBUG ] Could not LazyLoad acme.cert: 'acme' __virtual__ returned False: The ACME execution module cannot be loaded: letsencrypt-auto not installed. # [DEBUG ] LazyLoaded at.at # [DEBUG ] Could not LazyLoad augeas.execute: 'augeas.execute' is not available. # [DEBUG ] LazyLoaded boto3_elasticache.cache_cluster_exists # [DEBUG ] LazyLoaded boto3_route53.find_hosted_zone # [DEBUG ] LazyLoaded boto_apigateway.describe_apis # [DEBUG ] LazyLoaded boto_asg.exists # [DEBUG ] LazyLoaded boto_cfn.exists # [DEBUG ] LazyLoaded boto_cloudtrail.exists # [DEBUG ] LazyLoaded boto_cloudwatch.get_alarm # [DEBUG ] LazyLoaded boto_cloudwatch_event.exists # [DEBUG ] LazyLoaded boto_cognitoidentity.describe_identity_pools # [DEBUG ] LazyLoaded boto_datapipeline.create_pipeline # [DEBUG ] LazyLoaded boto_dynamodb.exists # [DEBUG ] LazyLoaded boto_ec2.get_key # [DEBUG ] LazyLoaded boto_elasticache.exists # [DEBUG ] LazyLoaded boto_elasticsearch_domain.exists # [DEBUG ] LazyLoaded boto_elb.exists # [DEBUG ] LazyLoaded boto_elbv2.target_group_exists # [DEBUG ] LazyLoaded boto_iam.get_user # [DEBUG ] LazyLoaded boto_iam.role_exists # [DEBUG ] LazyLoaded boto_iot.policy_exists # [DEBUG ] LazyLoaded boto_kinesis.exists # [DEBUG ] LazyLoaded boto_kms.describe_key # [DEBUG ] LazyLoaded boto_lambda.function_exists # [DEBUG ] LazyLoaded boto_asg.exists # [DEBUG ] LazyLoaded boto_rds.exists # [DEBUG ] LazyLoaded boto_route53.get_record # [DEBUG ] LazyLoaded boto_s3_bucket.exists # [DEBUG ] LazyLoaded boto_secgroup.exists # [DEBUG ] LazyLoaded boto_sns.exists # [DEBUG ] LazyLoaded boto_sqs.exists # [DEBUG ] LazyLoaded boto_vpc.exists # [DEBUG ] LazyLoaded bower.list # [DEBUG ] LazyLoaded chef.client # [DEBUG ] LazyLoaded chocolatey.install # [DEBUG ] LazyLoaded cisconso.set_data_value # [DEBUG ] LazyLoaded cyg.list # [DEBUG ] LazyLoaded chassis.cmd # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] LazyLoaded eselect.exec_action # [DEBUG ] LazyLoaded esxi.cmd # [DEBUG ] LazyLoaded github.list_users # [DEBUG ] LazyLoaded glusterfs.list_volumes # [DEBUG ] LazyLoaded elasticsearch.exists # [DEBUG ] LazyLoaded icinga2.generate_ticket # [DEBUG ] LazyLoaded ifttt.trigger_event # [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] LazyLoaded ipset.version # [DEBUG ] LazyLoaded kapacitor.version # [DEBUG ] LazyLoaded keystone.auth # [DEBUG ] LazyLoaded kubernetes.ping # [DEBUG ] LazyLoaded layman.add # [DEBUG ] LazyLoaded lvs.get_rules # [DEBUG ] LazyLoaded lvs.get_rules # [DEBUG ] LazyLoaded makeconf.get_var # [DEBUG ] LazyLoaded memcached.status # [DEBUG ] LazyLoaded mongodb.user_exists # [DEBUG ] LazyLoaded monit.summary # [DEBUG ] LazyLoaded nftables.version # [DEBUG ] LazyLoaded npm.list # [DEBUG ] LazyLoaded nxos.cmd # [DEBUG ] LazyLoaded openvswitch.bridge_create # [DEBUG ] LazyLoaded openvswitch.port_add # [DEBUG ] LazyLoaded pecl.list # [DEBUG ] LazyLoaded portage_config.get_missing_flags # [DEBUG ] LazyLoaded postgres.cluster_exists # [DEBUG ] LazyLoaded postgres.user_exists # [DEBUG ] LazyLoaded postgres.create_extension # [DEBUG ] LazyLoaded postgres.group_create # [DEBUG ] LazyLoaded postgres.datadir_init # [DEBUG ] LazyLoaded postgres.language_create # [DEBUG ] LazyLoaded postgres.privileges_grant # [DEBUG ] LazyLoaded postgres.schema_exists # [DEBUG ] LazyLoaded postgres.tablespace_exists # [DEBUG ] LazyLoaded postgres.user_exists # [DEBUG ] LazyLoaded quota.report # [DEBUG ] Could not LazyLoad rbac.profile_list: 'rbac.profile_list' is not available. # [DEBUG ] LazyLoaded rdp.enable # [DEBUG ] LazyLoaded reg.read_value # [DEBUG ] LazyLoaded selinux.getenforce # [DEBUG ] Could not LazyLoad vmadm.create: 'vmadm.create' is not available. # [DEBUG ] LazyLoaded snapper.diff # [DEBUG ] LazyLoaded splunk.list_users # [DEBUG ] LazyLoaded splunk_search.get # [DEBUG ] LazyLoaded stormpath.create_account # [DEBUG ] LazyLoaded tls.cert_info # [DEBUG ] LazyLoaded tomcat.status # [DEBUG ] LazyLoaded trafficserver.set_config # [DEBUG ] LazyLoaded victorops.create_event # [DEBUG ] LazyLoaded virt.node_info # [DEBUG ] LazyLoaded win_dacl.add_ace # [DEBUG ] LazyLoaded win_dns_client.add_dns # [DEBUG ] Could not LazyLoad firewall.get_config: 'firewall.get_config' is not available. # [DEBUG ] LazyLoaded win_iis.create_site # [DEBUG ] Could not LazyLoad lgpo.set: 'lgpo.set' is not available. # [DEBUG ] LazyLoaded win_path.rehash # [DEBUG ] LazyLoaded win_pki.get_stores # [DEBUG ] LazyLoaded win_servermanager.install # [DEBUG ] LazyLoaded win_smtp_server.get_server_setting # [DEBUG ] LazyLoaded win_snmp.get_agent_settings # [DEBUG ] LazyLoaded xmpp.send_msg # [DEBUG ] LazyLoaded zabbix.host_create # [DEBUG ] LazyLoaded zabbix.hostgroup_create # [DEBUG ] LazyLoaded zabbix.mediatype_create # [DEBUG ] LazyLoaded zabbix.user_create # [DEBUG ] LazyLoaded zabbix.usergroup_create # [DEBUG ] LazyLoaded zk_concurrency.lock # [DEBUG ] LazyLoaded zonecfg.create # [DEBUG ] LazyLoaded zpool.create # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/amcache.py] at time 14:43:40.952382 # [INFO ] Executing state file.replace for [/usr/local/bin/amcache.py] # [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/env python # This file is part of python-registry. # # Copyright 2015 Will Ballenthin # [INFO ] Completed state [/usr/local/bin/amcache.py] at time 14:43:40.956608 duration_in_ms=4.227 # [INFO ] Running state [/usr/local/bin/dump-mft-entry.pl] at time 14:43:40.956769 # [INFO ] Executing state file.managed for [/usr/local/bin/dump-mft-entry.pl] # [DEBUG ] Requesting URL https://raw.githubusercontent.com/superponible/DFIR/ee681a07a0c32a5ccaea788cd7d012d19872f181/dump_mft_entry.pl using GET method # [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#!/usr/bin/env perl +#!/usr/bin/perl #------------------------------ #dump_mft_entry.pl # [INFO ] Completed state [/usr/local/bin/dump-mft-entry.pl] at time 14:43:41.169108 duration_in_ms=212.336 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/dump-mft-entry.pl] at time 14:43:41.189122 # [INFO ] Executing state file.replace for [/usr/local/bin/dump-mft-entry.pl] # [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl #------------------------------ #dump_mft_entry.pl # [INFO ] Completed state [/usr/local/bin/dump-mft-entry.pl] at time 14:43:41.196860 duration_in_ms=7.738 # [INFO ] Running state [/usr/local/bin/imageMounter.py] at time 14:43:41.197454 # [INFO ] Executing state file.managed for [/usr/local/bin/imageMounter.py] # [DEBUG ] Requesting URL https://raw.githubusercontent.com/kevthehermit/Scripts/master/imageMounter.py using GET method # [INFO ] File /usr/local/bin/imageMounter.py is in the correct state # [INFO ] Completed state [/usr/local/bin/imageMounter.py] at time 14:43:41.424657 duration_in_ms=227.201 # [INFO ] Running state [/usr/local/bin/idx_parser.py] at time 14:43:41.425278 # [INFO ] Executing state file.managed for [/usr/local/bin/idx_parser.py] # [DEBUG ] Requesting URL https://raw.githubusercontent.com/Rurik/Java_IDX_Parser/master/idx_parser.py using GET method # [INFO ] File /usr/local/bin/idx_parser.py is in the correct state # [INFO ] Completed state [/usr/local/bin/idx_parser.py] at time 14:43:41.681829 duration_in_ms=256.548 # [INFO ] Running state [/usr/local/bin/jobparser.py] at time 14:43:41.682773 # [INFO ] Executing state file.managed for [/usr/local/bin/jobparser.py] # [DEBUG ] Requesting URL https://raw.githubusercontent.com/gleeda/misc-scripts/03a0d9126359c6b4b0b508062d3422bea9b69036/misc_python/jobparser.py using GET method # [INFO ] File /usr/local/bin/jobparser.py is in the correct state # [INFO ] Completed state [/usr/local/bin/jobparser.py] at time 14:43:41.971117 duration_in_ms=288.346 # [INFO ] Running state [https://github.com/keydet89/Tools.git] at time 14:43:41.974043 # [INFO ] Executing state git.latest for [https://github.com/keydet89/Tools.git] # [INFO ] Checking remote revision for https://github.com/keydet89/Tools.git # [INFO ] Executing command ['git', 'ls-remote', 'https://github.com/keydet89/Tools.git'] as user 'root' in directory '/root' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: 031d06d13189fdb8bd24b75585951b1b5b33aa56 HEAD 031d06d13189fdb8bd24b75585951b1b5b33aa56 refs/heads/master # [INFO ] Executing command ['git', 'for-each-ref', '--format', '%(refname:short)', 'refs/heads/'] as user 'root' in directory '/usr/local/src/keydet-tools' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: master # [INFO ] Executing command ['git', 'for-each-ref', '--format', '%(refname:short)', 'refs/tags/'] as user 'root' in directory '/usr/local/src/keydet-tools' mesg: ttyname failed: Inappropriate ioctl for device # [INFO ] Checking local revision for /usr/local/src/keydet-tools # [INFO ] Executing command ['git', 'rev-parse', 'HEAD'] as user 'root' in directory '/usr/local/src/keydet-tools' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: 031d06d13189fdb8bd24b75585951b1b5b33aa56 # [INFO ] Checking local branch for /usr/local/src/keydet-tools # [INFO ] Executing command ['git', 'rev-parse', '--abbrev-ref', 'HEAD'] as user 'root' in directory '/usr/local/src/keydet-tools' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: master # [INFO ] Executing command ['git', 'remote', '--verbose'] as user 'root' in directory '/usr/local/src/keydet-tools' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: origin https://github.com/keydet89/Tools.git (fetch) origin https://github.com/keydet89/Tools.git (push) # [INFO ] Executing command ['git', 'diff', 'HEAD'] as user 'root' in directory '/usr/local/src/keydet-tools' mesg: ttyname failed: Inappropriate ioctl for device # [INFO ] Executing command ['git', 'rev-parse', '031d06d13189fdb8bd24b75585951b1b5b33aa56^{commit}'] as user 'root' in directory '/usr/local/src/keydet-tools' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: 031d06d13189fdb8bd24b75585951b1b5b33aa56 # [INFO ] Executing command ['git', 'rev-parse', 'origin/master'] as user 'root' in directory '/usr/local/src/keydet-tools' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: 031d06d13189fdb8bd24b75585951b1b5b33aa56 # [INFO ] Executing command ['git', 'merge-base', '--is-ancestor', '031d06d13189fdb8bd24b75585951b1b5b33aa56', '031d06d13189fdb8bd24b75585951b1b5b33aa56'] as user 'root' in directory '/usr/local/src/keydet-tools' mesg: ttyname failed: Inappropriate ioctl for device # [INFO ] Executing command ['git', 'rev-parse', '--abbrev-ref', 'master@{upstream}'] as user 'root' in directory '/usr/local/src/keydet-tools' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: origin/master # [INFO ] Executing command ['git', 'rev-parse', 'HEAD'] as user 'root' in directory '/usr/local/src/keydet-tools' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: 031d06d13189fdb8bd24b75585951b1b5b33aa56 # [INFO ] Repository /usr/local/src/keydet-tools is up-to-date # [INFO ] Completed state [https://github.com/keydet89/Tools.git] at time 14:43:44.600935 duration_in_ms=2626.891 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/bodyfile.pl] at time 14:43:44.606802 # [INFO ] Executing state file.copy for [/usr/local/bin/bodyfile.pl] # [INFO ] The target file "/usr/local/bin/bodyfile.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/bodyfile.pl] at time 14:43:44.608192 duration_in_ms=1.39 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/bodyfile.pl] at time 14:43:44.613218 # [INFO ] Executing state file.replace for [/usr/local/bin/bodyfile.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/bodyfile.pl] at time 14:43:44.615837 duration_in_ms=2.619 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/evtparse.pl] at time 14:43:44.621231 # [INFO ] Executing state file.copy for [/usr/local/bin/evtparse.pl] # [INFO ] The target file "/usr/local/bin/evtparse.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/evtparse.pl] at time 14:43:44.622463 duration_in_ms=1.232 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/evtparse.pl] at time 14:43:44.627505 # [INFO ] Executing state file.replace for [/usr/local/bin/evtparse.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/evtparse.pl] at time 14:43:44.630275 duration_in_ms=2.77 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/evtrpt.pl] at time 14:43:44.635700 # [INFO ] Executing state file.copy for [/usr/local/bin/evtrpt.pl] # [INFO ] The target file "/usr/local/bin/evtrpt.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/evtrpt.pl] at time 14:43:44.637229 duration_in_ms=1.53 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/evtrpt.pl] at time 14:43:44.642692 # [INFO ] Executing state file.replace for [/usr/local/bin/evtrpt.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/evtrpt.pl] at time 14:43:44.646236 duration_in_ms=3.543 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/evtxparse.pl] at time 14:43:44.651826 # [INFO ] Executing state file.copy for [/usr/local/bin/evtxparse.pl] # [INFO ] The target file "/usr/local/bin/evtxparse.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/evtxparse.pl] at time 14:43:44.653070 duration_in_ms=1.244 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/evtxparse.pl] at time 14:43:44.658465 # [INFO ] Executing state file.replace for [/usr/local/bin/evtxparse.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/evtxparse.pl] at time 14:43:44.661246 duration_in_ms=2.781 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/fb.pl] at time 14:43:44.666562 # [INFO ] Executing state file.copy for [/usr/local/bin/fb.pl] # [INFO ] The target file "/usr/local/bin/fb.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/fb.pl] at time 14:43:44.667828 duration_in_ms=1.266 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/fb.pl] at time 14:43:44.673477 # [INFO ] Executing state file.replace for [/usr/local/bin/fb.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/fb.pl] at time 14:43:44.675841 duration_in_ms=2.365 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/ff.pl] at time 14:43:44.681860 # [INFO ] Executing state file.copy for [/usr/local/bin/ff.pl] # [INFO ] The target file "/usr/local/bin/ff.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/ff.pl] at time 14:43:44.683143 duration_in_ms=1.283 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/ff.pl] at time 14:43:44.688604 # [INFO ] Executing state file.replace for [/usr/local/bin/ff.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/ff.pl] at time 14:43:44.691812 duration_in_ms=3.208 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/ff_signons.pl] at time 14:43:44.697073 # [INFO ] Executing state file.copy for [/usr/local/bin/ff_signons.pl] # [INFO ] The target file "/usr/local/bin/ff_signons.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/ff_signons.pl] at time 14:43:44.698356 duration_in_ms=1.283 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/ff_signons.pl] at time 14:43:44.705712 # [INFO ] Executing state file.replace for [/usr/local/bin/ff_signons.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/ff_signons.pl] at time 14:43:44.708145 duration_in_ms=2.433 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/ftkparse.pl] at time 14:43:44.713011 # [INFO ] Executing state file.copy for [/usr/local/bin/ftkparse.pl] # [INFO ] The target file "/usr/local/bin/ftkparse.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/ftkparse.pl] at time 14:43:44.714347 duration_in_ms=1.336 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/ftkparse.pl] at time 14:43:44.795989 # [INFO ] Executing state file.replace for [/usr/local/bin/ftkparse.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/ftkparse.pl] at time 14:43:44.798286 duration_in_ms=2.298 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/idx.pl] at time 14:43:44.803546 # [INFO ] Executing state file.copy for [/usr/local/bin/idx.pl] # [INFO ] The target file "/usr/local/bin/idx.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/idx.pl] at time 14:43:44.804749 duration_in_ms=1.203 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/idx.pl] at time 14:43:44.809809 # [INFO ] Executing state file.replace for [/usr/local/bin/idx.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/idx.pl] at time 14:43:44.814014 duration_in_ms=4.205 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/idxparse.pl] at time 14:43:44.819284 # [INFO ] Executing state file.copy for [/usr/local/bin/idxparse.pl] # [INFO ] The target file "/usr/local/bin/idxparse.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/idxparse.pl] at time 14:43:44.820540 duration_in_ms=1.256 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/idxparse.pl] at time 14:43:44.825656 # [INFO ] Executing state file.replace for [/usr/local/bin/idxparse.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/idxparse.pl] at time 14:43:44.829777 duration_in_ms=4.121 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/jl.pl] at time 14:43:44.835437 # [INFO ] Executing state file.copy for [/usr/local/bin/jl.pl] # [INFO ] The target file "/usr/local/bin/jl.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/jl.pl] at time 14:43:44.836650 duration_in_ms=1.213 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/jl.pl] at time 14:43:44.842455 # [INFO ] Executing state file.replace for [/usr/local/bin/jl.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/jl.pl] at time 14:43:44.845080 duration_in_ms=2.624 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/jobparse.pl] at time 14:43:44.850903 # [INFO ] Executing state file.copy for [/usr/local/bin/jobparse.pl] # [INFO ] The target file "/usr/local/bin/jobparse.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/jobparse.pl] at time 14:43:44.852174 duration_in_ms=1.272 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/jobparse.pl] at time 14:43:44.857596 # [INFO ] Executing state file.replace for [/usr/local/bin/jobparse.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/jobparse.pl] at time 14:43:44.860476 duration_in_ms=2.881 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/lfle.pl] at time 14:43:44.865702 # [INFO ] Executing state file.copy for [/usr/local/bin/lfle.pl] # [INFO ] The target file "/usr/local/bin/lfle.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/lfle.pl] at time 14:43:44.866914 duration_in_ms=1.212 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/lfle.pl] at time 14:43:44.872244 # [INFO ] Executing state file.replace for [/usr/local/bin/lfle.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/lfle.pl] at time 14:43:44.875493 duration_in_ms=3.249 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/lnk.pl] at time 14:43:44.881074 # [INFO ] Executing state file.copy for [/usr/local/bin/lnk.pl] # [INFO ] The target file "/usr/local/bin/lnk.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/lnk.pl] at time 14:43:44.882434 duration_in_ms=1.36 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/lnk.pl] at time 14:43:44.888400 # [INFO ] Executing state file.replace for [/usr/local/bin/lnk.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/lnk.pl] at time 14:43:44.890979 duration_in_ms=2.579 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/mft.pl] at time 14:43:44.896369 # [INFO ] Executing state file.copy for [/usr/local/bin/mft.pl] # [INFO ] The target file "/usr/local/bin/mft.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/mft.pl] at time 14:43:44.897678 duration_in_ms=1.309 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/mft.pl] at time 14:43:44.903243 # [INFO ] Executing state file.replace for [/usr/local/bin/mft.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/mft.pl] at time 14:43:44.907059 duration_in_ms=3.816 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/parse.pl] at time 14:43:44.912026 # [INFO ] Executing state file.copy for [/usr/local/bin/parse.pl] # [INFO ] The target file "/usr/local/bin/parse.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/parse.pl] at time 14:43:44.913232 duration_in_ms=1.206 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/parse.pl] at time 14:43:44.918781 # [INFO ] Executing state file.replace for [/usr/local/bin/parse.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/parse.pl] at time 14:43:44.921911 duration_in_ms=3.13 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/parsei30.pl] at time 14:43:44.927508 # [INFO ] Executing state file.copy for [/usr/local/bin/parsei30.pl] # [INFO ] The target file "/usr/local/bin/parsei30.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/parsei30.pl] at time 14:43:44.929192 duration_in_ms=1.684 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/parsei30.pl] at time 14:43:44.935282 # [INFO ] Executing state file.replace for [/usr/local/bin/parsei30.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/parsei30.pl] at time 14:43:44.938220 duration_in_ms=2.938 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/parseie.pl] at time 14:43:44.943720 # [INFO ] Executing state file.copy for [/usr/local/bin/parseie.pl] # [INFO ] The target file "/usr/local/bin/parseie.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/parseie.pl] at time 14:43:44.945017 duration_in_ms=1.298 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/parseie.pl] at time 14:43:44.951020 # [INFO ] Executing state file.replace for [/usr/local/bin/parseie.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/parseie.pl] at time 14:43:44.954082 duration_in_ms=3.063 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/pie.pl] at time 14:43:44.959313 # [INFO ] Executing state file.copy for [/usr/local/bin/pie.pl] # [INFO ] The target file "/usr/local/bin/pie.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/pie.pl] at time 14:43:44.960550 duration_in_ms=1.237 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/pie.pl] at time 14:43:44.966682 # [INFO ] Executing state file.replace for [/usr/local/bin/pie.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/pie.pl] at time 14:43:44.969250 duration_in_ms=2.568 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/pref.pl] at time 14:43:44.974900 # [INFO ] Executing state file.copy for [/usr/local/bin/pref.pl] # [INFO ] The target file "/usr/local/bin/pref.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/pref.pl] at time 14:43:44.976352 duration_in_ms=1.452 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/pref.pl] at time 14:43:44.982110 # [INFO ] Executing state file.replace for [/usr/local/bin/pref.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/pref.pl] at time 14:43:44.985229 duration_in_ms=3.12 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/rawie.pl] at time 14:43:44.990549 # [INFO ] Executing state file.copy for [/usr/local/bin/rawie.pl] # [INFO ] The target file "/usr/local/bin/rawie.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/rawie.pl] at time 14:43:44.991734 duration_in_ms=1.186 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/rawie.pl] at time 14:43:44.996955 # [INFO ] Executing state file.replace for [/usr/local/bin/rawie.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/rawie.pl] at time 14:43:45.000101 duration_in_ms=3.146 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/recbin.pl] at time 14:43:45.005257 # [INFO ] Executing state file.copy for [/usr/local/bin/recbin.pl] # [INFO ] The target file "/usr/local/bin/recbin.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/recbin.pl] at time 14:43:45.006496 duration_in_ms=1.239 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/recbin.pl] at time 14:43:45.012380 # [INFO ] Executing state file.replace for [/usr/local/bin/recbin.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/recbin.pl] at time 14:43:45.015473 duration_in_ms=3.094 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/regslack.pl] at time 14:43:45.022525 # [INFO ] Executing state file.copy for [/usr/local/bin/regslack.pl] # [INFO ] The target file "/usr/local/bin/regslack.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/regslack.pl] at time 14:43:45.023843 duration_in_ms=1.319 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/regslack.pl] at time 14:43:45.029356 # [INFO ] Executing state file.replace for [/usr/local/bin/regslack.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/regslack.pl] at time 14:43:45.033015 duration_in_ms=3.66 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/regtime.pl] at time 14:43:45.038355 # [INFO ] Executing state file.copy for [/usr/local/bin/regtime.pl] # [INFO ] The target file "/usr/local/bin/regtime.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/regtime.pl] at time 14:43:45.039679 duration_in_ms=1.324 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/regtime.pl] at time 14:43:45.044707 # [INFO ] Executing state file.replace for [/usr/local/bin/regtime.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/regtime.pl] at time 14:43:45.047094 duration_in_ms=2.387 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/rfc.pl] at time 14:43:45.052538 # [INFO ] Executing state file.copy for [/usr/local/bin/rfc.pl] # [INFO ] The target file "/usr/local/bin/rfc.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/rfc.pl] at time 14:43:45.054016 duration_in_ms=1.478 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/rfc.pl] at time 14:43:45.059819 # [INFO ] Executing state file.replace for [/usr/local/bin/rfc.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/rfc.pl] at time 14:43:45.062546 duration_in_ms=2.728 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/rlo.pl] at time 14:43:45.068387 # [INFO ] Executing state file.copy for [/usr/local/bin/rlo.pl] # [INFO ] The target file "/usr/local/bin/rlo.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/rlo.pl] at time 14:43:45.069641 duration_in_ms=1.255 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/rlo.pl] at time 14:43:45.075134 # [INFO ] Executing state file.replace for [/usr/local/bin/rlo.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/rlo.pl] at time 14:43:45.077970 duration_in_ms=2.836 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/tln.pl] at time 14:43:45.083207 # [INFO ] Executing state file.copy for [/usr/local/bin/tln.pl] # [INFO ] The target file "/usr/local/bin/tln.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/tln.pl] at time 14:43:45.084419 duration_in_ms=1.212 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/tln.pl] at time 14:43:45.089453 # [INFO ] Executing state file.replace for [/usr/local/bin/tln.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/tln.pl] at time 14:43:45.092447 duration_in_ms=2.994 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/usnj.pl] at time 14:43:45.098098 # [INFO ] Executing state file.copy for [/usr/local/bin/usnj.pl] # [INFO ] The target file "/usr/local/bin/usnj.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/usnj.pl] at time 14:43:45.099584 duration_in_ms=1.487 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/usnj.pl] at time 14:43:45.105347 # [INFO ] Executing state file.replace for [/usr/local/bin/usnj.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/usnj.pl] at time 14:43:45.109241 duration_in_ms=3.893 # [INFO ] Running state [/usr/local/bin/packerid.py] at time 14:43:45.112472 # [INFO ] Executing state file.managed for [/usr/local/bin/packerid.py] # [DEBUG ] Requesting URL https://raw.githubusercontent.com/sooshie/packerid/7b2ee6ef57db903bf356fd342c8ca998abdb68cd/packerid.py using GET method # [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#!/usr/bin/env python +#!/usr/local/bin/python # # Author: Jim Clausing # Date: 2009-05-15 # [DEBUG ] Refreshing modules... # [INFO ] Loading fresh modules for state activity # [DEBUG ] LazyLoaded jinja.render # [DEBUG ] LazyLoaded yaml.render # [INFO ] Completed state [/usr/local/bin/packerid.py] at time 14:43:45.404619 duration_in_ms=292.146 # [DEBUG ] LazyLoaded config.option # [DEBUG ] LazyLoaded file.replace # [DEBUG ] Module DSC: Only available on Windows systems # [DEBUG ] Module PSGet: Only available on Windows systems # [DEBUG ] Could not LazyLoad acme.cert: 'acme' __virtual__ returned False: The ACME execution module cannot be loaded: letsencrypt-auto not installed. # [DEBUG ] LazyLoaded at.at # [DEBUG ] Could not LazyLoad augeas.execute: 'augeas.execute' is not available. # [DEBUG ] LazyLoaded boto3_elasticache.cache_cluster_exists # [DEBUG ] LazyLoaded boto3_route53.find_hosted_zone # [DEBUG ] LazyLoaded boto_apigateway.describe_apis # [DEBUG ] LazyLoaded boto_asg.exists # [DEBUG ] LazyLoaded boto_cfn.exists # [DEBUG ] LazyLoaded boto_cloudtrail.exists # [DEBUG ] LazyLoaded boto_cloudwatch.get_alarm # [DEBUG ] LazyLoaded boto_cloudwatch_event.exists # [DEBUG ] LazyLoaded boto_cognitoidentity.describe_identity_pools # [DEBUG ] LazyLoaded boto_datapipeline.create_pipeline # [DEBUG ] LazyLoaded boto_dynamodb.exists # [DEBUG ] LazyLoaded boto_ec2.get_key # [DEBUG ] LazyLoaded boto_elasticache.exists # [DEBUG ] LazyLoaded boto_elasticsearch_domain.exists # [DEBUG ] LazyLoaded boto_elb.exists # [DEBUG ] LazyLoaded boto_elbv2.target_group_exists # [DEBUG ] LazyLoaded boto_iam.get_user # [DEBUG ] LazyLoaded boto_iam.role_exists # [DEBUG ] LazyLoaded boto_iot.policy_exists # [DEBUG ] LazyLoaded boto_kinesis.exists # [DEBUG ] LazyLoaded boto_kms.describe_key # [DEBUG ] LazyLoaded boto_lambda.function_exists # [DEBUG ] LazyLoaded boto_asg.exists # [DEBUG ] LazyLoaded boto_rds.exists # [DEBUG ] LazyLoaded boto_route53.get_record # [DEBUG ] LazyLoaded boto_s3_bucket.exists # [DEBUG ] LazyLoaded boto_secgroup.exists # [DEBUG ] LazyLoaded boto_sns.exists # [DEBUG ] LazyLoaded boto_sqs.exists # [DEBUG ] LazyLoaded boto_vpc.exists # [DEBUG ] LazyLoaded bower.list # [DEBUG ] LazyLoaded chef.client # [DEBUG ] LazyLoaded chocolatey.install # [DEBUG ] LazyLoaded cisconso.set_data_value # [DEBUG ] LazyLoaded cyg.list # [DEBUG ] LazyLoaded chassis.cmd # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] LazyLoaded eselect.exec_action # [DEBUG ] LazyLoaded esxi.cmd # [DEBUG ] LazyLoaded github.list_users # [DEBUG ] LazyLoaded glusterfs.list_volumes # [DEBUG ] LazyLoaded elasticsearch.exists # [DEBUG ] LazyLoaded icinga2.generate_ticket # [DEBUG ] LazyLoaded ifttt.trigger_event # [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] LazyLoaded ipset.version # [DEBUG ] LazyLoaded kapacitor.version # [DEBUG ] LazyLoaded keystone.auth # [DEBUG ] LazyLoaded kubernetes.ping # [DEBUG ] LazyLoaded layman.add # [DEBUG ] LazyLoaded lvs.get_rules # [DEBUG ] LazyLoaded lvs.get_rules # [DEBUG ] LazyLoaded makeconf.get_var # [DEBUG ] LazyLoaded memcached.status # [DEBUG ] LazyLoaded mongodb.user_exists # [DEBUG ] LazyLoaded monit.summary # [DEBUG ] LazyLoaded nftables.version # [DEBUG ] LazyLoaded npm.list # [DEBUG ] LazyLoaded nxos.cmd # [DEBUG ] LazyLoaded openvswitch.bridge_create # [DEBUG ] LazyLoaded openvswitch.port_add # [DEBUG ] LazyLoaded pecl.list # [DEBUG ] LazyLoaded portage_config.get_missing_flags # [DEBUG ] LazyLoaded postgres.cluster_exists # [DEBUG ] LazyLoaded postgres.user_exists # [DEBUG ] LazyLoaded postgres.create_extension # [DEBUG ] LazyLoaded postgres.group_create # [DEBUG ] LazyLoaded postgres.datadir_init # [DEBUG ] LazyLoaded postgres.language_create # [DEBUG ] LazyLoaded postgres.privileges_grant # [DEBUG ] LazyLoaded postgres.schema_exists # [DEBUG ] LazyLoaded postgres.tablespace_exists # [DEBUG ] LazyLoaded postgres.user_exists # [DEBUG ] LazyLoaded quota.report # [DEBUG ] Could not LazyLoad rbac.profile_list: 'rbac.profile_list' is not available. # [DEBUG ] LazyLoaded rdp.enable # [DEBUG ] LazyLoaded reg.read_value # [DEBUG ] LazyLoaded selinux.getenforce # [DEBUG ] Could not LazyLoad vmadm.create: 'vmadm.create' is not available. # [DEBUG ] LazyLoaded snapper.diff # [DEBUG ] LazyLoaded splunk.list_users # [DEBUG ] LazyLoaded splunk_search.get # [DEBUG ] LazyLoaded stormpath.create_account # [DEBUG ] LazyLoaded tls.cert_info # [DEBUG ] LazyLoaded tomcat.status # [DEBUG ] LazyLoaded trafficserver.set_config # [DEBUG ] LazyLoaded victorops.create_event # [DEBUG ] LazyLoaded virt.node_info # [DEBUG ] LazyLoaded win_dacl.add_ace # [DEBUG ] LazyLoaded win_dns_client.add_dns # [DEBUG ] Could not LazyLoad firewall.get_config: 'firewall.get_config' is not available. # [DEBUG ] LazyLoaded win_iis.create_site # [DEBUG ] Could not LazyLoad lgpo.set: 'lgpo.set' is not available. # [DEBUG ] LazyLoaded win_path.rehash # [DEBUG ] LazyLoaded win_pki.get_stores # [DEBUG ] LazyLoaded win_servermanager.install # [DEBUG ] LazyLoaded win_smtp_server.get_server_setting # [DEBUG ] LazyLoaded win_snmp.get_agent_settings # [DEBUG ] LazyLoaded xmpp.send_msg # [DEBUG ] LazyLoaded zabbix.host_create # [DEBUG ] LazyLoaded zabbix.hostgroup_create # [DEBUG ] LazyLoaded zabbix.mediatype_create # [DEBUG ] LazyLoaded zabbix.user_create # [DEBUG ] LazyLoaded zabbix.usergroup_create # [DEBUG ] LazyLoaded zk_concurrency.lock # [DEBUG ] LazyLoaded zonecfg.create # [DEBUG ] LazyLoaded zpool.create # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/packerid.py] at time 14:43:46.111335 # [INFO ] Executing state file.replace for [/usr/local/bin/packerid.py] # [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#!/usr/local/bin/python +#!/usr/bin/env python # # Author: Jim Clausing # Date: 2009-05-15 # [INFO ] Completed state [/usr/local/bin/packerid.py] at time 14:43:46.114731 duration_in_ms=3.396 # [INFO ] Running state [/usr/local/bin] at time 14:43:46.114893 # [INFO ] Executing state file.recurse for [/usr/local/bin] # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/page-brute/page_brute-BETA.py' to resolve 'salt://sift/files/page-brute/page_brute-BETA.py' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/page-brute/page_brute-BETA.py' to resolve 'salt://sift/files/page-brute/page_brute-BETA.py' # [INFO ] The directory /usr/local/bin is in the correct state # [INFO ] Completed state [/usr/local/bin] at time 14:43:46.188837 duration_in_ms=73.944 # [INFO ] Running state [/usr/local/bin/parseusn.py] at time 14:43:46.189016 # [INFO ] Executing state file.managed for [/usr/local/bin/parseusn.py] # [DEBUG ] Requesting URL https://raw.githubusercontent.com/superponible/DFIR/master/parseusn.py using GET method # [INFO ] File /usr/local/bin/parseusn.py is in the correct state # [INFO ] Completed state [/usr/local/bin/parseusn.py] at time 14:43:46.436636 duration_in_ms=247.617 # [INFO ] Running state [/usr/local/bin] at time 14:43:46.437394 # [INFO ] Executing state file.recurse for [/usr/local/bin] # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/pdf-tools/plugin_list' to resolve 'salt://sift/files/pdf-tools/plugin_list' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/pdf-tools/plugin_list' to resolve 'salt://sift/files/pdf-tools/plugin_list' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/pdf-tools/plugin_nameobfuscation.py' to resolve 'salt://sift/files/pdf-tools/plugin_nameobfuscation.py' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/pdf-tools/plugin_nameobfuscation.py' to resolve 'salt://sift/files/pdf-tools/plugin_nameobfuscation.py' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/pdf-tools/PDFTemplate.bt' to resolve 'salt://sift/files/pdf-tools/PDFTemplate.bt' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/pdf-tools/PDFTemplate.bt' to resolve 'salt://sift/files/pdf-tools/PDFTemplate.bt' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/pdf-tools/make-pdf-embedded.py' to resolve 'salt://sift/files/pdf-tools/make-pdf-embedded.py' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/pdf-tools/make-pdf-embedded.py' to resolve 'salt://sift/files/pdf-tools/make-pdf-embedded.py' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/pdf-tools/pdf-parser.py' to resolve 'salt://sift/files/pdf-tools/pdf-parser.py' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/pdf-tools/pdf-parser.py' to resolve 'salt://sift/files/pdf-tools/pdf-parser.py' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/pdf-tools/plugin_embeddedfile.py' to resolve 'salt://sift/files/pdf-tools/plugin_embeddedfile.py' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/pdf-tools/plugin_embeddedfile.py' to resolve 'salt://sift/files/pdf-tools/plugin_embeddedfile.py' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/pdf-tools/make-pdf-helloworld.py' to resolve 'salt://sift/files/pdf-tools/make-pdf-helloworld.py' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/pdf-tools/make-pdf-helloworld.py' to resolve 'salt://sift/files/pdf-tools/make-pdf-helloworld.py' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/pdf-tools/mPDF.py' to resolve 'salt://sift/files/pdf-tools/mPDF.py' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/pdf-tools/mPDF.py' to resolve 'salt://sift/files/pdf-tools/mPDF.py' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/pdf-tools/plugin_triage.py' to resolve 'salt://sift/files/pdf-tools/plugin_triage.py' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/pdf-tools/plugin_triage.py' to resolve 'salt://sift/files/pdf-tools/plugin_triage.py' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/pdf-tools/make-pdf-javascript.py' to resolve 'salt://sift/files/pdf-tools/make-pdf-javascript.py' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/pdf-tools/make-pdf-javascript.py' to resolve 'salt://sift/files/pdf-tools/make-pdf-javascript.py' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/pdf-tools/pdfid.py' to resolve 'salt://sift/files/pdf-tools/pdfid.py' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/pdf-tools/pdfid.py' to resolve 'salt://sift/files/pdf-tools/pdfid.py' # [INFO ] The directory /usr/local/bin is in the correct state # [INFO ] Completed state [/usr/local/bin] at time 14:43:46.527420 duration_in_ms=90.025 # [INFO ] Running state [/usr/local/bin/pecarve.py] at time 14:43:46.533129 # [INFO ] Executing state file.managed for [/usr/local/bin/pecarve.py] # [DEBUG ] Requesting URL https://raw.githubusercontent.com/Rurik/PE_Carver/9026cd2ca4bd0633f9898a93cb798cd19cffc8f6/pe_carve.py using GET method # [INFO ] File changed: --- +++ @@ -1,4 +1,3 @@ -#!/usr/bin/env python # PE File Carver # by Brian Baskin (@bbaskin) # # [DEBUG ] Refreshing modules... # [INFO ] Loading fresh modules for state activity # [DEBUG ] LazyLoaded jinja.render # [DEBUG ] LazyLoaded yaml.render # [INFO ] Completed state [/usr/local/bin/pecarve.py] at time 14:43:46.796547 duration_in_ms=263.418 # [DEBUG ] LazyLoaded config.option # [DEBUG ] LazyLoaded file.prepend # [DEBUG ] Module DSC: Only available on Windows systems # [DEBUG ] Module PSGet: Only available on Windows systems # [DEBUG ] Could not LazyLoad acme.cert: 'acme' __virtual__ returned False: The ACME execution module cannot be loaded: letsencrypt-auto not installed. # [DEBUG ] LazyLoaded at.at # [DEBUG ] Could not LazyLoad augeas.execute: 'augeas.execute' is not available. # [DEBUG ] LazyLoaded boto3_elasticache.cache_cluster_exists # [DEBUG ] LazyLoaded boto3_route53.find_hosted_zone # [DEBUG ] LazyLoaded boto_apigateway.describe_apis # [DEBUG ] LazyLoaded boto_asg.exists # [DEBUG ] LazyLoaded boto_cfn.exists # [DEBUG ] LazyLoaded boto_cloudtrail.exists # [DEBUG ] LazyLoaded boto_cloudwatch.get_alarm # [DEBUG ] LazyLoaded boto_cloudwatch_event.exists # [DEBUG ] LazyLoaded boto_cognitoidentity.describe_identity_pools # [DEBUG ] LazyLoaded boto_datapipeline.create_pipeline # [DEBUG ] LazyLoaded boto_dynamodb.exists # [DEBUG ] LazyLoaded boto_ec2.get_key # [DEBUG ] LazyLoaded boto_elasticache.exists # [DEBUG ] LazyLoaded boto_elasticsearch_domain.exists # [DEBUG ] LazyLoaded boto_elb.exists # [DEBUG ] LazyLoaded boto_elbv2.target_group_exists # [DEBUG ] LazyLoaded boto_iam.get_user # [DEBUG ] LazyLoaded boto_iam.role_exists # [DEBUG ] LazyLoaded boto_iot.policy_exists # [DEBUG ] LazyLoaded boto_kinesis.exists # [DEBUG ] LazyLoaded boto_kms.describe_key # [DEBUG ] LazyLoaded boto_lambda.function_exists # [DEBUG ] LazyLoaded boto_asg.exists # [DEBUG ] LazyLoaded boto_rds.exists # [DEBUG ] LazyLoaded boto_route53.get_record # [DEBUG ] LazyLoaded boto_s3_bucket.exists # [DEBUG ] LazyLoaded boto_secgroup.exists # [DEBUG ] LazyLoaded boto_sns.exists # [DEBUG ] LazyLoaded boto_sqs.exists # [DEBUG ] LazyLoaded boto_vpc.exists # [DEBUG ] LazyLoaded bower.list # [DEBUG ] LazyLoaded chef.client # [DEBUG ] LazyLoaded chocolatey.install # [DEBUG ] LazyLoaded cisconso.set_data_value # [DEBUG ] LazyLoaded cyg.list # [DEBUG ] LazyLoaded chassis.cmd # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] LazyLoaded eselect.exec_action # [DEBUG ] LazyLoaded esxi.cmd # [DEBUG ] LazyLoaded github.list_users # [DEBUG ] LazyLoaded glusterfs.list_volumes # [DEBUG ] LazyLoaded elasticsearch.exists # [DEBUG ] LazyLoaded icinga2.generate_ticket # [DEBUG ] LazyLoaded ifttt.trigger_event # [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] LazyLoaded ipset.version # [DEBUG ] LazyLoaded kapacitor.version # [DEBUG ] LazyLoaded keystone.auth # [DEBUG ] LazyLoaded kubernetes.ping # [DEBUG ] LazyLoaded layman.add # [DEBUG ] LazyLoaded lvs.get_rules # [DEBUG ] LazyLoaded lvs.get_rules # [DEBUG ] LazyLoaded makeconf.get_var # [DEBUG ] LazyLoaded memcached.status # [DEBUG ] LazyLoaded mongodb.user_exists # [DEBUG ] LazyLoaded monit.summary # [DEBUG ] LazyLoaded nftables.version # [DEBUG ] LazyLoaded npm.list # [DEBUG ] LazyLoaded nxos.cmd # [DEBUG ] LazyLoaded openvswitch.bridge_create # [DEBUG ] LazyLoaded openvswitch.port_add # [DEBUG ] LazyLoaded pecl.list # [DEBUG ] LazyLoaded portage_config.get_missing_flags # [DEBUG ] LazyLoaded postgres.cluster_exists # [DEBUG ] LazyLoaded postgres.user_exists # [DEBUG ] LazyLoaded postgres.create_extension # [DEBUG ] LazyLoaded postgres.group_create # [DEBUG ] LazyLoaded postgres.datadir_init # [DEBUG ] LazyLoaded postgres.language_create # [DEBUG ] LazyLoaded postgres.privileges_grant # [DEBUG ] LazyLoaded postgres.schema_exists # [DEBUG ] LazyLoaded postgres.tablespace_exists # [DEBUG ] LazyLoaded postgres.user_exists # [DEBUG ] LazyLoaded quota.report # [DEBUG ] Could not LazyLoad rbac.profile_list: 'rbac.profile_list' is not available. # [DEBUG ] LazyLoaded rdp.enable # [DEBUG ] LazyLoaded reg.read_value # [DEBUG ] LazyLoaded selinux.getenforce # [DEBUG ] Could not LazyLoad vmadm.create: 'vmadm.create' is not available. # [DEBUG ] LazyLoaded snapper.diff # [DEBUG ] LazyLoaded splunk.list_users # [DEBUG ] LazyLoaded splunk_search.get # [DEBUG ] LazyLoaded stormpath.create_account # [DEBUG ] LazyLoaded tls.cert_info # [DEBUG ] LazyLoaded tomcat.status # [DEBUG ] LazyLoaded trafficserver.set_config # [DEBUG ] LazyLoaded victorops.create_event # [DEBUG ] LazyLoaded virt.node_info # [DEBUG ] LazyLoaded win_dacl.add_ace # [DEBUG ] LazyLoaded win_dns_client.add_dns # [DEBUG ] Could not LazyLoad firewall.get_config: 'firewall.get_config' is not available. # [DEBUG ] LazyLoaded win_iis.create_site # [DEBUG ] Could not LazyLoad lgpo.set: 'lgpo.set' is not available. # [DEBUG ] LazyLoaded win_path.rehash # [DEBUG ] LazyLoaded win_pki.get_stores # [DEBUG ] LazyLoaded win_servermanager.install # [DEBUG ] LazyLoaded win_smtp_server.get_server_setting # [DEBUG ] LazyLoaded win_snmp.get_agent_settings # [DEBUG ] LazyLoaded xmpp.send_msg # [DEBUG ] LazyLoaded zabbix.host_create # [DEBUG ] LazyLoaded zabbix.hostgroup_create # [DEBUG ] LazyLoaded zabbix.mediatype_create # [DEBUG ] LazyLoaded zabbix.user_create # [DEBUG ] LazyLoaded zabbix.usergroup_create # [DEBUG ] LazyLoaded zk_concurrency.lock # [DEBUG ] LazyLoaded zonecfg.create # [DEBUG ] LazyLoaded zpool.create # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/pecarve.py] at time 14:43:47.523883 # [INFO ] Executing state file.prepend for [/usr/local/bin/pecarve.py] # [INFO ] File changed: --- +++ @@ -1,3 +1,4 @@ +#!/usr/bin/env python # PE File Carver # by Brian Baskin (@bbaskin) # # [INFO ] Completed state [/usr/local/bin/pecarve.py] at time 14:43:47.526851 duration_in_ms=2.968 # [INFO ] Running state [/usr/local/bin/pescanner.py] at time 14:43:47.529335 # [INFO ] Executing state file.managed for [/usr/local/bin/pescanner.py] # [DEBUG ] Requesting URL https://raw.githubusercontent.com/hiddenillusion/AnalyzePE/9c76ecbc3ac417bc07439c244f2d5ed19af06578/pescanner.py using GET method # [INFO ] File /usr/local/bin/pescanner.py is in the correct state # [INFO ] Completed state [/usr/local/bin/pescanner.py] at time 14:43:47.762784 duration_in_ms=233.446 # [INFO ] Running state [https://github.com/keydet89/RegRipper2.8.git] at time 14:43:47.771212 # [INFO ] Executing state git.latest for [https://github.com/keydet89/RegRipper2.8.git] # [INFO ] Checking remote revision for https://github.com/keydet89/RegRipper2.8.git # [INFO ] Executing command ['git', 'ls-remote', 'https://github.com/keydet89/RegRipper2.8.git'] as user 'root' in directory '/root' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: c65c823d2c8371a9f0702248ab22d506ea0a2678 HEAD c65c823d2c8371a9f0702248ab22d506ea0a2678 refs/heads/master 9cbf58519ae9cb755604df6ab77cfdd841e69e27 refs/pull/1/head 9ca74b851ed731a8e3047ab1486979b58d61162a refs/pull/12/head 06df33013a12b5347145520b181d43e926f24e1c refs/pull/16/head 76c779f2050a222c86afdfc91907b373d55f6fbf refs/pull/17/head e7c7a2195aee87a18a95b31af5135778deda10b0 refs/pull/19/head 25e090a0bb654d15f97ef29cd4b29ea32ffb2bc3 refs/pull/2/head 996b93115d119f9fe9967d5060ce8725a72fa40a refs/pull/20/head ca9f223dd8bba48f3b69670373ef41fd9d4f3070 refs/pull/21/head 43a22b01c82f0cdab944304bf14a6de272710299 refs/pull/22/head ff62f725d6dbc8738ca820b007d2ac6b3eec8da1 refs/pull/23/head 78e9325e69059a654e2d423bcd0e19c8d9fd39cc refs/pull/26/head 02790a303272d7ea2f2206edb830846029957907 refs/pull/27/head 5f99eb75cb7a9e9b11582ba2072c23884e7ce228 refs/pull/28/head b24a773ae5fbe3f56b8d9402d304f3758e9a794c refs/pull/29/head 329e4b69f150ecaf5c764cdb4b008a15431a4eec refs/pull/31/head a3fd0f874665fb890b0b674887ac920f5a8c8faf refs/pull/31/merge 63713a377afc162a2d92c1acdcb8cf084d2e9b5d refs/pull/5/head # [INFO ] Executing command ['git', 'for-each-ref', '--format', '%(refname:short)', 'refs/heads/'] as user 'root' in directory '/usr/local/src/regripper' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: master # [INFO ] Executing command ['git', 'for-each-ref', '--format', '%(refname:short)', 'refs/tags/'] as user 'root' in directory '/usr/local/src/regripper' mesg: ttyname failed: Inappropriate ioctl for device # [INFO ] Checking local revision for /usr/local/src/regripper # [INFO ] Executing command ['git', 'rev-parse', 'HEAD'] as user 'root' in directory '/usr/local/src/regripper' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: c65c823d2c8371a9f0702248ab22d506ea0a2678 # [INFO ] Checking local branch for /usr/local/src/regripper # [INFO ] Executing command ['git', 'rev-parse', '--abbrev-ref', 'HEAD'] as user 'root' in directory '/usr/local/src/regripper' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: master # [INFO ] Executing command ['git', 'remote', '--verbose'] as user 'root' in directory '/usr/local/src/regripper' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: origin https://github.com/keydet89/RegRipper2.8.git (fetch) origin https://github.com/keydet89/RegRipper2.8.git (push) # [INFO ] Executing command ['git', 'diff', 'HEAD'] as user 'root' in directory '/usr/local/src/regripper' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: diff --git a/plugins/all b/plugins/all index 57843dc..cc5a815 100644 --- a/plugins/all +++ b/plugins/all @@ -1,17 +1,11 @@ -# 20161213 *ALL* Plugins that apply on any HIVES, alphabetical order +sizes baseline -del -del_tln -fileless findexes -installedcomp -installer -malware -null regtime +malware +del_tln regtime_tln rlo -sizes -uninstall -uninstall_tln -wallpaper +del +fileless +null diff --git a/plugins/ntuser b/plugins/ntuser index 72c8ed7..561a01c 100644 --- a/plugins/ntuser +++ b/plugins/ntuser @@ -1,159 +1,155 @@ -# 20170415 *ALL* Plugins that apply on NTUSER hive, alphabetical order -acmru -adoberdr +vnchooksapplicationprefs +policies_u +iejava +warcraft3 +typedurlstime_tln +clampitm +startmenuinternetapps_cu +recentdocs_tln +winvnc +decaf +osversion_tln +liveContactsGUID +vncviewer ahaha -aim -aports -appcompatflags -applets -applets_tln -appspecific +yahoo_cu +userinfo +fileexts ares -arpcache -attachmgr -attachmgr_tln +runmru_tln +sevenzip +typedurls_tln +mndmru +putty +officedocs2010 +userlocsvc +ntusernetwork +profiler +wordwheelquery +snapshot_viewer +load +mpmru +typedpaths_tln +kankan +identities +reveton +mndmru_tln autoendtasks +userassist_tln +user_win +winlogon_u +tsclient_tln +outlook2 +rdphint +cmdproc_tln +gthist autorun -bitbucket_user -brisv -cached -cached_tln +winscp +aports +acmru +oisc +sysinternals +reading_locations +skype +vista_bitbucket cain -ccleaner -cdstaginginfo -clampi -clampitm cmdproc -cmdproc_tln -comdlg32 -compdesc -controlpanel -cortana -cpldontload -ddo -decaf -dependency_walker -domains +startpage +rootkit_revealer +typedpaths +muicache +inprocserver environment -fileexts +adoberdr +itempos filehistory -foxitrdr -gpohist -gpohist_tln -gthist -gtwhitelist -haven_and_hearth -identities -iejava -ie_main -ie_settings -ie_zones -inprocserver +vmware_vsphere_client internet_explorer_cu -internet_settings_cu -itempos -javafx -kankan -knowndev +user_run latentbot -listsoft -liveContactsGUID -load -logonusername -menuorder +startup +printers +aim +javafx +typedurls +mp3 mixer +attachmgr +userassist +applets +cached_tln +ddo +printermru mixer_tln -mmc -mmc_tln -mmo -mndmru -mndmru_tln +brisv +odysseus mp2 -mp3 -mpmru -mspaper -muicache -muicache_tln -nero +controlpanel +listsoft +shellbags_xp +proxysettings +logonusername +foxitrdr +osversion +ie_zones +compdesc +ccleaner netassist -ntusernetwork -odysseus -officedocs -officedocs2010 -officedocs2010_tln -oisc +urun_tln +unreadmail +appspecific +winrar_tln +ie_settings +cpldontload +attachmgr_tln +domains +tsclient +uninstall_tln +trustrecords olsearch -osversion -osversion_tln +gpohist_tln outlook -outlook2 -policies_u -printermru -printers -privoxy -profiler -proxysettings +sysinternals_tln +gtwhitelist publishingwizard -putty -putty_sessions -rdphint -reading_locations +shellfolders +dependency_walker +privoxy +cached +vawtrak +comdlg32 +haven_and_hearth realplayer6 -realvnc +mmc_tln +ie_main +knowndev +nero +trustrecords_tln +arpcache +bitbucket_user +mmo +muicache_tln +gpohist +mspaper +runmru recentdocs +cdstaginginfo +winrar2 +uninstall +officedocs +internet_settings_cu recentdocs_timeline -recentdocs_tln -reveton -rootkit_revealer -runmru -runmru_tln -sevenzip -shc -shellbags_xp -shellfolders -skype -snapshot_viewer -ssh_host_keys -startmenuinternetapps_cu -startpage -startup -sysinternals -sysinternals_tln -trustrecords -trustrecords_tln -tsclient -tsclient_tln -typedpaths -typedpaths_tln -typedurls +clampi +applets_tln +officedocs2010_tln typedurlstime -typedurlstime_tln -typedurls_tln -uninstall -uninstall_tln -unreadmail -urun_tln -userassist -userassist_tln -userinfo -userlocsvc -user_run -user_win -vawtrak -vista_bitbucket +realvnc vmplayer -vmware_vsphere_client -vnchooksapplicationprefs -vncviewer +winzip +putty_sessions +menuorder +mmc +appcompatflags +shc wallpaper -warcraft3 -winlogon_u winrar -winrar2 -winrar_tln -winscp -winscp_sessions -winvnc -winzip -wordwheelquery -yahoo_cu diff --git a/plugins/sam b/plugins/sam index f91679f..c6b3571 100644 --- a/plugins/sam +++ b/plugins/sam @@ -1,3 +1,2 @@ -# 20161213 *ALL* Plugins that apply on SAM hive, alphabetical order samparse -samparse_ltn +samparse_tln diff --git a/plugins/security b/plugins/security index 628ca1c..75cd6c2 100644 --- a/plugins/security +++ b/plugins/security @@ -1,8 +1,6 @@ -# 20161213 *ALL* Plugins that apply on SECURITY hive, alphabetical order auditpol -auditpol_xp -lsasecrets -polacdms secrets +auditpol_xp secrets_tln -securityproviders +polacdms +lsasecrets diff --git a/plugins/software b/plugins/software index 67f8673..fc1f6a9 100644 --- a/plugins/software +++ b/plugins/software @@ -1,102 +1,99 @@ -# 20170415 *ALL* Plugins that apply on SOFTWARE hive, alphabetical order -ahaha -appcompatflags -appinitdlls -apppaths -apppaths_tln +wbem +ie_version +logmein_tln +winnt_cv +tracing_tln assoc -at -at_tln -audiodev -banner +volinfocache bho -bitbucket -btconfig -clsid -cmd_shell -cmd_shell_tln -codeid -ctrlpnl -dcom +port_dev +msis +ahaha defbrowser dfrg -direct -direct_tln -disablesr -drivers32 -drwatson -emdmgmt -esent -etos -gauss -gpohist -gpohist_tln -handler -ie_version -ie_zones -imagefile -init_dlls -inprocserver -installedcomp -installer -javasoft -kankan -kb950582 +mrt landesk -landesk_tln -lastloggedon -lazyshell -licenses -logmein -logmein_tln +codeid +drivers32 macaddr -mrt -msis -netsh -networkcards +regback networklist -networklist_tln +winlogon_tln +winbackup +kankan +soft_run +installedcomp +cmd_shell_tln networkuid -opencandy -port_dev +shellexec +shellext +direct +svchost +tracing product +netsh +inprocserver +banner +spp_clients profilelist -psscript -regback -removdev -renocide schedagent -secctr -sfc -shellexec -shellext -shelloverlay +ctrlpnl snapshot -soft_run -spp_clients -sql_lastconnect -srun_tln -ssid -startmenuinternetapps_lm -susclient -svchost +licenses +secctr systemindex -teamviewer -tracing -tracing_tln -trappoll -uac -uninstall -uninstall_tln +gauss +logmein +at_tln urlzone +uac +updates +renocide +etos +apppaths +imagefile +opencandy +ie_zones +lazyshell +winlogon virut -volinfocache -wbem -winbackup +handler +uninstall_tln +javasoft +networklist_tln +gpohist_tln +win_cv +trappoll +apppaths_tln +appinitdlls +bitbucket +removdev +shelloverlay +audiodev +lastloggedon +emdmgmt +esent +drwatson +srun_tln +sfc +installer +dcom +psscript +direct_tln +gpohist +landesk_tln +uninstall winevt -winlogon -winlogon_tln -winnt_cv +ssid +sql_lastconnect +btconfig +clsid +cmd_shell +susclient +kb950582 +networkcards +disablesr +at +appcompatflags winver -win_cv -yahoo_lm +init_dlls diff --git a/plugins/system b/plugins/system index c3840b7..da7db37 100644 --- a/plugins/system +++ b/plugins/system @@ -1,71 +1,69 @@ -# 20170415 *ALL* Plugins that apply on SYSTEM hive, alphabetical order -appcertdlls -appcompatcache -appcompatcache_tln -auditfail -backuprestore -bthport -comfoo -compname -crashcontrol +svc +usbstor3 ddm -devclass -diag_sr -disablelastaccess -dllsearch -dnschanger -eventlog eventlogs -fw_config -hibernate -ide -imagedev -kbdcrash -legacy -legacy_tln -lsa_packages -mountdev mountdev2 -netsvcs -network -nic -nic2 -nic_mst2 -nolmhash -pagefile -pending -phdet -prefetch +shimcache_tln +appcompatcache processor_architecture -productpolicy -producttype -profiler -rdpnla -rdpport +lsa_packages +pending regin remoteaccess -routes -safeboot -securityproviders +rdpport +rdpnla +network +profiler +angelfire services -shares -shimcache -shimcache_tln -shutdown -shutdowncount -stillimage -svc -svcdll +timezone +appcertdlls +kbdcrash +appcompatcache_tln +auditfail svc_plus -svc_tln -systemindex termcert -termserv -timezone +comfoo +nic2 +ide usb -usbdevices -usbstor +legacy_tln usbstor2 -usbstor3 +hibernate +svc_tln +bthport +legacy +shimcache +dllsearch wpdbusenum +nolmhash +safeboot +netsvcs +routes +mountdev +eventlog +usbstor +diag_sr +devclass +svcdll +disablelastaccess +termserv +nic +productpolicy +crashcontrol +pagefile +dnschanger +shutdown +backuprestore +producttype +shutdowncount xpedition +fw_config +compname +usbdevices +securityproviders +phdet +nic_mst2 +stillimage +imagedev +shares diff --git a/plugins/usrclass b/plugins/usrclass index d954280..7977b61 100644 --- a/plugins/usrclass +++ b/plugins/usrclass @@ -1,8 +1,8 @@ -# 20170415 *ALL* Plugins that apply on USRCLASS hive, alphabetical order -cmd_shell_u -inprocserver muicache -muicache_tln -photos +inprocserver +shellbags_test +cmd_shell_u shellbags shellbags_tln +muicache_tln +photos # [DEBUG ] /usr/local/src/regripper is up-to-date, but with local changes. Since 'force_reset' is enabled, these local changes will be reset. # [INFO ] Executing command ['git', 'rev-parse', 'c65c823d2c8371a9f0702248ab22d506ea0a2678^{commit}'] as user 'root' in directory '/usr/local/src/regripper' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: c65c823d2c8371a9f0702248ab22d506ea0a2678 # [INFO ] Executing command ['git', 'rev-parse', 'origin/master'] as user 'root' in directory '/usr/local/src/regripper' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: c65c823d2c8371a9f0702248ab22d506ea0a2678 # [INFO ] Executing command ['git', 'rev-parse', '--abbrev-ref', 'master@{upstream}'] as user 'root' in directory '/usr/local/src/regripper' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: origin/master # [INFO ] Executing command ['git', 'reset', '--hard', 'c65c823d2c8371a9f0702248ab22d506ea0a2678'] as user 'root' in directory '/usr/local/src/regripper' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: HEAD is now at c65c823 New plugin # [INFO ] Executing command ['git', 'rev-parse', 'HEAD'] as user 'root' in directory '/usr/local/src/regripper' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: c65c823d2c8371a9f0702248ab22d506ea0a2678 # [INFO ] {'forced update': True} # [INFO ] Completed state [https://github.com/keydet89/RegRipper2.8.git] at time 14:43:50.400158 duration_in_ms=2628.948 # [INFO ] Running state [/usr/local/share/regripper] at time 14:43:50.403168 # [INFO ] Executing state file.directory for [/usr/local/share/regripper] # [INFO ] Directory /usr/local/share/regripper is in the correct state Directory /usr/local/share/regripper updated # [INFO ] Completed state [/usr/local/share/regripper] at time 14:43:50.404167 duration_in_ms=0.999 # [INFO ] Running state [/usr/local/share/regripper/rip.pl] at time 14:43:50.408093 # [INFO ] Executing state file.managed for [/usr/local/share/regripper/rip.pl] # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/regripper/rip.pl' to resolve 'salt://sift/files/regripper/rip.pl' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/regripper/rip.pl' to resolve 'salt://sift/files/regripper/rip.pl' # [INFO ] File /usr/local/share/regripper/rip.pl is in the correct state # [INFO ] Completed state [/usr/local/share/regripper/rip.pl] at time 14:43:50.416894 duration_in_ms=8.801 # [INFO ] Running state [/usr/local/share/regripper/plugins] at time 14:43:50.421385 # [INFO ] Executing state file.symlink for [/usr/local/share/regripper/plugins] # [INFO ] Symlink /usr/local/share/regripper/plugins is present and owned by root:root # [INFO ] Completed state [/usr/local/share/regripper/plugins] at time 14:43:50.423161 duration_in_ms=1.777 # [INFO ] Running state [/usr/local/bin/rip.pl] at time 14:43:50.425550 # [INFO ] Executing state file.symlink for [/usr/local/bin/rip.pl] # [INFO ] Symlink /usr/local/bin/rip.pl is present and owned by root:root # [INFO ] Completed state [/usr/local/bin/rip.pl] at time 14:43:50.426917 duration_in_ms=1.367 # [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/all] at time 14:43:50.428976 # [INFO ] Executing state cmd.wait for [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/all] # [INFO ] No changes made for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/all # [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/all] at time 14:43:50.429435 duration_in_ms=0.459 # [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/all] at time 14:43:50.429539 # [INFO ] Executing state cmd.mod_watch for [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/all] # [INFO ] Executing command 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/all' in directory '/home/sansforensics' # [INFO ] {'pid': 23381, 'retcode': 0, 'stderr': '', 'stdout': ''} # [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/all] at time 14:43:50.547373 duration_in_ms=117.832 # [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/ntuser] at time 14:43:50.550333 # [INFO ] Executing state cmd.wait for [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/ntuser] # [INFO ] No changes made for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/ntuser # [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/ntuser] at time 14:43:50.550940 duration_in_ms=0.607 # [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/ntuser] at time 14:43:50.551051 # [INFO ] Executing state cmd.mod_watch for [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/ntuser] # [INFO ] Executing command 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/ntuser' in directory '/home/sansforensics' # [INFO ] {'pid': 23398, 'retcode': 0, 'stderr': '', 'stdout': ''} # [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/ntuser] at time 14:43:50.765501 duration_in_ms=214.449 # [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/usrclass] at time 14:43:50.768397 # [INFO ] Executing state cmd.wait for [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/usrclass] # [INFO ] No changes made for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/usrclass # [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/usrclass] at time 14:43:50.769089 duration_in_ms=0.692 # [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/usrclass] at time 14:43:50.769205 # [INFO ] Executing state cmd.mod_watch for [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/usrclass] # [INFO ] Executing command 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/usrclass' in directory '/home/sansforensics' # [INFO ] {'pid': 23559, 'retcode': 0, 'stderr': '', 'stdout': ''} # [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/usrclass] at time 14:43:50.902975 duration_in_ms=133.77 # [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/sam] at time 14:43:50.905949 # [INFO ] Executing state cmd.wait for [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/sam] # [INFO ] No changes made for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/sam # [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/sam] at time 14:43:50.906520 duration_in_ms=0.571 # [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/sam] at time 14:43:50.906637 # [INFO ] Executing state cmd.mod_watch for [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/sam] # [INFO ] Executing command 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/sam' in directory '/home/sansforensics' # [INFO ] {'pid': 23573, 'retcode': 0, 'stderr': '', 'stdout': ''} # [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/sam] at time 14:43:51.039079 duration_in_ms=132.442 # [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/security] at time 14:43:51.042068 # [INFO ] Executing state cmd.wait for [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/security] # [INFO ] No changes made for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/security # [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/security] at time 14:43:51.042762 duration_in_ms=0.695 # [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/security] at time 14:43:51.042889 # [INFO ] Executing state cmd.mod_watch for [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/security] # [INFO ] Executing command 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/security' in directory '/home/sansforensics' # [INFO ] {'pid': 23581, 'retcode': 0, 'stderr': '', 'stdout': ''} # [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/security] at time 14:43:51.136485 duration_in_ms=93.596 # [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/software] at time 14:43:51.139337 # [INFO ] Executing state cmd.wait for [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/software] # [INFO ] No changes made for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/software # [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/software] at time 14:43:51.139916 duration_in_ms=0.579 # [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/software] at time 14:43:51.140023 # [INFO ] Executing state cmd.mod_watch for [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/software] # [INFO ] Executing command 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/software' in directory '/home/sansforensics' # [INFO ] {'pid': 23593, 'retcode': 0, 'stderr': '', 'stdout': ''} # [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/software] at time 14:43:51.370372 duration_in_ms=230.346 # [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/system] at time 14:43:51.380367 # [INFO ] Executing state cmd.wait for [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/system] # [INFO ] No changes made for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/system # [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/system] at time 14:43:51.382351 duration_in_ms=1.984 # [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/system] at time 14:43:51.382718 # [INFO ] Executing state cmd.mod_watch for [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/system] # [INFO ] Executing command 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/system' in directory '/home/sansforensics' # [INFO ] {'pid': 23698, 'retcode': 0, 'stderr': '', 'stdout': ''} # [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/system] at time 14:43:51.608325 duration_in_ms=225.605 # [INFO ] Running state [/usr/local/bin/ShimCacheParser.py] at time 14:43:51.615431 # [INFO ] Executing state file.managed for [/usr/local/bin/ShimCacheParser.py] # [DEBUG ] Requesting URL https://raw.githubusercontent.com/mandiant/ShimCacheParser/d7c517af9f3b09b810c5859ee52a6540f3b25855/ShimCacheParser.py using GET method # [INFO ] File changed: --- +++ @@ -1,4 +1,3 @@ -#!/usr/bin/env python # ShimCacheParser.py # # Andrew Davis, andrew.davis@mandiant.com # [DEBUG ] Refreshing modules... # [INFO ] Loading fresh modules for state activity # [DEBUG ] LazyLoaded jinja.render # [DEBUG ] LazyLoaded yaml.render # [INFO ] Completed state [/usr/local/bin/ShimCacheParser.py] at time 14:43:51.968404 duration_in_ms=352.974 # [DEBUG ] LazyLoaded config.option # [DEBUG ] LazyLoaded file.prepend # [DEBUG ] Module DSC: Only available on Windows systems # [DEBUG ] Module PSGet: Only available on Windows systems # [DEBUG ] Could not LazyLoad acme.cert: 'acme' __virtual__ returned False: The ACME execution module cannot be loaded: letsencrypt-auto not installed. # [DEBUG ] LazyLoaded at.at # [DEBUG ] Could not LazyLoad augeas.execute: 'augeas.execute' is not available. # [DEBUG ] LazyLoaded boto3_elasticache.cache_cluster_exists # [DEBUG ] LazyLoaded boto3_route53.find_hosted_zone # [DEBUG ] LazyLoaded boto_apigateway.describe_apis # [DEBUG ] LazyLoaded boto_asg.exists # [DEBUG ] LazyLoaded boto_cfn.exists # [DEBUG ] LazyLoaded boto_cloudtrail.exists # [DEBUG ] LazyLoaded boto_cloudwatch.get_alarm # [DEBUG ] LazyLoaded boto_cloudwatch_event.exists # [DEBUG ] LazyLoaded boto_cognitoidentity.describe_identity_pools # [DEBUG ] LazyLoaded boto_datapipeline.create_pipeline # [DEBUG ] LazyLoaded boto_dynamodb.exists # [DEBUG ] LazyLoaded boto_ec2.get_key # [DEBUG ] LazyLoaded boto_elasticache.exists # [DEBUG ] LazyLoaded boto_elasticsearch_domain.exists # [DEBUG ] LazyLoaded boto_elb.exists # [DEBUG ] LazyLoaded boto_elbv2.target_group_exists # [DEBUG ] LazyLoaded boto_iam.get_user # [DEBUG ] LazyLoaded boto_iam.role_exists # [DEBUG ] LazyLoaded boto_iot.policy_exists # [DEBUG ] LazyLoaded boto_kinesis.exists # [DEBUG ] LazyLoaded boto_kms.describe_key # [DEBUG ] LazyLoaded boto_lambda.function_exists # [DEBUG ] LazyLoaded boto_asg.exists # [DEBUG ] LazyLoaded boto_rds.exists # [DEBUG ] LazyLoaded boto_route53.get_record # [DEBUG ] LazyLoaded boto_s3_bucket.exists # [DEBUG ] LazyLoaded boto_secgroup.exists # [DEBUG ] LazyLoaded boto_sns.exists # [DEBUG ] LazyLoaded boto_sqs.exists # [DEBUG ] LazyLoaded boto_vpc.exists # [DEBUG ] LazyLoaded bower.list # [DEBUG ] LazyLoaded chef.client # [DEBUG ] LazyLoaded chocolatey.install # [DEBUG ] LazyLoaded cisconso.set_data_value # [DEBUG ] LazyLoaded cyg.list # [DEBUG ] LazyLoaded chassis.cmd # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] LazyLoaded eselect.exec_action # [DEBUG ] LazyLoaded esxi.cmd # [DEBUG ] LazyLoaded github.list_users # [DEBUG ] LazyLoaded glusterfs.list_volumes # [DEBUG ] LazyLoaded elasticsearch.exists # [DEBUG ] LazyLoaded icinga2.generate_ticket # [DEBUG ] LazyLoaded ifttt.trigger_event # [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] LazyLoaded ipset.version # [DEBUG ] LazyLoaded kapacitor.version # [DEBUG ] LazyLoaded keystone.auth # [DEBUG ] LazyLoaded kubernetes.ping # [DEBUG ] LazyLoaded layman.add # [DEBUG ] LazyLoaded lvs.get_rules # [DEBUG ] LazyLoaded lvs.get_rules # [DEBUG ] LazyLoaded makeconf.get_var # [DEBUG ] LazyLoaded memcached.status # [DEBUG ] LazyLoaded mongodb.user_exists # [DEBUG ] LazyLoaded monit.summary # [DEBUG ] LazyLoaded nftables.version # [DEBUG ] LazyLoaded npm.list # [DEBUG ] LazyLoaded nxos.cmd # [DEBUG ] LazyLoaded openvswitch.bridge_create # [DEBUG ] LazyLoaded openvswitch.port_add # [DEBUG ] LazyLoaded pecl.list # [DEBUG ] LazyLoaded portage_config.get_missing_flags # [DEBUG ] LazyLoaded postgres.cluster_exists # [DEBUG ] LazyLoaded postgres.user_exists # [DEBUG ] LazyLoaded postgres.create_extension # [DEBUG ] LazyLoaded postgres.group_create # [DEBUG ] LazyLoaded postgres.datadir_init # [DEBUG ] LazyLoaded postgres.language_create # [DEBUG ] LazyLoaded postgres.privileges_grant # [DEBUG ] LazyLoaded postgres.schema_exists # [DEBUG ] LazyLoaded postgres.tablespace_exists # [DEBUG ] LazyLoaded postgres.user_exists # [DEBUG ] LazyLoaded quota.report # [DEBUG ] Could not LazyLoad rbac.profile_list: 'rbac.profile_list' is not available. # [DEBUG ] LazyLoaded rdp.enable # [DEBUG ] LazyLoaded reg.read_value # [DEBUG ] LazyLoaded selinux.getenforce # [DEBUG ] Could not LazyLoad vmadm.create: 'vmadm.create' is not available. # [DEBUG ] LazyLoaded snapper.diff # [DEBUG ] LazyLoaded splunk.list_users # [DEBUG ] LazyLoaded splunk_search.get # [DEBUG ] LazyLoaded stormpath.create_account # [DEBUG ] LazyLoaded tls.cert_info # [DEBUG ] LazyLoaded tomcat.status # [DEBUG ] LazyLoaded trafficserver.set_config # [DEBUG ] LazyLoaded victorops.create_event # [DEBUG ] LazyLoaded virt.node_info # [DEBUG ] LazyLoaded win_dacl.add_ace # [DEBUG ] LazyLoaded win_dns_client.add_dns # [DEBUG ] Could not LazyLoad firewall.get_config: 'firewall.get_config' is not available. # [DEBUG ] LazyLoaded win_iis.create_site # [DEBUG ] Could not LazyLoad lgpo.set: 'lgpo.set' is not available. # [DEBUG ] LazyLoaded win_path.rehash # [DEBUG ] LazyLoaded win_pki.get_stores # [DEBUG ] LazyLoaded win_servermanager.install # [DEBUG ] LazyLoaded win_smtp_server.get_server_setting # [DEBUG ] LazyLoaded win_snmp.get_agent_settings # [DEBUG ] LazyLoaded xmpp.send_msg # [DEBUG ] LazyLoaded zabbix.host_create # [DEBUG ] LazyLoaded zabbix.hostgroup_create # [DEBUG ] LazyLoaded zabbix.mediatype_create # [DEBUG ] LazyLoaded zabbix.user_create # [DEBUG ] LazyLoaded zabbix.usergroup_create # [DEBUG ] LazyLoaded zk_concurrency.lock # [DEBUG ] LazyLoaded zonecfg.create # [DEBUG ] LazyLoaded zpool.create # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/ShimCacheParser.py] at time 14:43:52.802142 # [INFO ] Executing state file.prepend for [/usr/local/bin/ShimCacheParser.py] # [INFO ] File changed: --- +++ @@ -1,3 +1,4 @@ +#!/usr/bin/env python # ShimCacheParser.py # # Andrew Davis, andrew.davis@mandiant.com # [INFO ] Completed state [/usr/local/bin/ShimCacheParser.py] at time 14:43:52.806626 duration_in_ms=4.485 # [INFO ] Running state [/usr/share/sift/resources] at time 14:43:52.806786 # [INFO ] Executing state file.directory for [/usr/share/sift/resources] # [INFO ] Directory /usr/share/sift/resources is in the correct state Directory /usr/share/sift/resources updated # [INFO ] Completed state [/usr/share/sift/resources] at time 14:43:52.807653 duration_in_ms=0.867 # [INFO ] Running state [/usr/share/sift/images] at time 14:43:52.807796 # [INFO ] Executing state file.directory for [/usr/share/sift/images] # [INFO ] Directory /usr/share/sift/images is in the correct state Directory /usr/share/sift/images updated # [INFO ] Completed state [/usr/share/sift/images] at time 14:43:52.808629 duration_in_ms=0.832 # [INFO ] Running state [/usr/share/sift/audio] at time 14:43:52.808772 # [INFO ] Executing state file.directory for [/usr/share/sift/audio] # [INFO ] Directory /usr/share/sift/audio is in the correct state Directory /usr/share/sift/audio updated # [INFO ] Completed state [/usr/share/sift/audio] at time 14:43:52.809590 duration_in_ms=0.818 # [INFO ] Running state [/usr/share/sift/other] at time 14:43:52.809721 # [INFO ] Executing state file.directory for [/usr/share/sift/other] # [INFO ] Directory /usr/share/sift/other is in the correct state Directory /usr/share/sift/other updated # [INFO ] Completed state [/usr/share/sift/other] at time 14:43:52.810528 duration_in_ms=0.806 # [INFO ] Running state [/usr/share/sift/scripts] at time 14:43:52.810660 # [INFO ] Executing state file.directory for [/usr/share/sift/scripts] # [INFO ] Directory /usr/share/sift/scripts is in the correct state Directory /usr/share/sift/scripts updated # [INFO ] Completed state [/usr/share/sift/scripts] at time 14:43:52.811530 duration_in_ms=0.87 # [INFO ] Running state [/usr/share/sift] at time 14:43:52.820825 # [INFO ] Executing state file.recurse for [/usr/share/sift] # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/images/dfir_avatar.jpg' to resolve 'salt://sift/files/sift/images/dfir_avatar.jpg' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/images/dfir_avatar.jpg' to resolve 'salt://sift/files/sift/images/dfir_avatar.jpg' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/Find-Evil-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Find-Evil-Poster.pdf' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/Find-Evil-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Find-Evil-Poster.pdf' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/sift-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/sift-cheatsheet.pdf' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/sift-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/sift-cheatsheet.pdf' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/Evidence-of-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Evidence-of-Poster.pdf' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/Evidence-of-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Evidence-of-Poster.pdf' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/SANS-DFIR.pdf' to resolve 'salt://sift/files/sift/resources/SANS-DFIR.pdf' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/SANS-DFIR.pdf' to resolve 'salt://sift/files/sift/resources/SANS-DFIR.pdf' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/audio/doink_doink.mp3' to resolve 'salt://sift/files/sift/audio/doink_doink.mp3' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/audio/doink_doink.mp3' to resolve 'salt://sift/files/sift/audio/doink_doink.mp3' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/network-forensics-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/network-forensics-cheatsheet.pdf' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/network-forensics-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/network-forensics-cheatsheet.pdf' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/images/dfir_logo.png' to resolve 'salt://sift/files/sift/images/dfir_logo.png' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/images/dfir_logo.png' to resolve 'salt://sift/files/sift/images/dfir_logo.png' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/scripts/update-sift' to resolve 'salt://sift/files/sift/scripts/update-sift' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/scripts/update-sift' to resolve 'salt://sift/files/sift/scripts/update-sift' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/windows-to-unix-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/windows-to-unix-cheatsheet.pdf' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/windows-to-unix-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/windows-to-unix-cheatsheet.pdf' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/memory-forensics-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/memory-forensics-cheatsheet.pdf' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/memory-forensics-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/memory-forensics-cheatsheet.pdf' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/images/forensics_blue.jpg' to resolve 'salt://sift/files/sift/images/forensics_blue.jpg' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/images/forensics_blue.jpg' to resolve 'salt://sift/files/sift/images/forensics_blue.jpg' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/Smartphone-Forensics-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Smartphone-Forensics-Poster.pdf' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/Smartphone-Forensics-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Smartphone-Forensics-Poster.pdf' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/other/gnome-terminal.desktop' to resolve 'salt://sift/files/sift/other/gnome-terminal.desktop' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/other/gnome-terminal.desktop' to resolve 'salt://sift/files/sift/other/gnome-terminal.desktop' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/images/login_logo.png' to resolve 'salt://sift/files/sift/images/login_logo.png' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/images/login_logo.png' to resolve 'salt://sift/files/sift/images/login_logo.png' # [INFO ] The directory /usr/share/sift is in the correct state # [INFO ] Completed state [/usr/share/sift] at time 14:43:53.075741 duration_in_ms=254.916 # [INFO ] Running state [/usr/share/tsk/sorter] at time 14:43:53.075917 # [INFO ] Executing state file.directory for [/usr/share/tsk/sorter] # [INFO ] Directory /usr/share/tsk/sorter is in the correct state Directory /usr/share/tsk/sorter updated # [INFO ] Completed state [/usr/share/tsk/sorter] at time 14:43:53.076606 duration_in_ms=0.689 # [INFO ] Running state [/usr/share/tsk/sorter] at time 14:43:53.079269 # [INFO ] Executing state file.recurse for [/usr/share/tsk/sorter] # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sorter/windows.sort' to resolve 'salt://sift/files/sorter/windows.sort' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sorter/windows.sort' to resolve 'salt://sift/files/sorter/windows.sort' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sorter/default.sort' to resolve 'salt://sift/files/sorter/default.sort' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sorter/default.sort' to resolve 'salt://sift/files/sorter/default.sort' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sorter/images.sort.bak' to resolve 'salt://sift/files/sorter/images.sort.bak' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sorter/images.sort.bak' to resolve 'salt://sift/files/sorter/images.sort.bak' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sorter/freebsd.sort' to resolve 'salt://sift/files/sorter/freebsd.sort' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sorter/freebsd.sort' to resolve 'salt://sift/files/sorter/freebsd.sort' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sorter/openbsd.sort' to resolve 'salt://sift/files/sorter/openbsd.sort' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sorter/openbsd.sort' to resolve 'salt://sift/files/sorter/openbsd.sort' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sorter/linux.sort' to resolve 'salt://sift/files/sorter/linux.sort' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sorter/linux.sort' to resolve 'salt://sift/files/sorter/linux.sort' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sorter/solaris.sort' to resolve 'salt://sift/files/sorter/solaris.sort' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sorter/solaris.sort' to resolve 'salt://sift/files/sorter/solaris.sort' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sorter/windows.sort.bak' to resolve 'salt://sift/files/sorter/windows.sort.bak' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sorter/windows.sort.bak' to resolve 'salt://sift/files/sorter/windows.sort.bak' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sorter/images.sort' to resolve 'salt://sift/files/sorter/images.sort' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sorter/images.sort' to resolve 'salt://sift/files/sorter/images.sort' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sorter/archives.sort' to resolve 'salt://sift/files/sorter/archives.sort' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sorter/archives.sort' to resolve 'salt://sift/files/sorter/archives.sort' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sorter/exec.sort' to resolve 'salt://sift/files/sorter/exec.sort' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sorter/exec.sort' to resolve 'salt://sift/files/sorter/exec.sort' # [INFO ] The directory /usr/share/tsk/sorter is in the correct state # [INFO ] Completed state [/usr/share/tsk/sorter] at time 14:43:53.104017 duration_in_ms=24.747 # [INFO ] Running state [/usr/local/bin/sqlparser.py] at time 14:43:53.104217 # [INFO ] Executing state file.managed for [/usr/local/bin/sqlparser.py] # [DEBUG ] Requesting URL https://github.com/mdegrazia/SQLite-Deleted-Records-Parser/releases/download/v.1.1/sqlparse_v1.1.py using GET method # [INFO ] File changed: --- +++ @@ -1,4 +1,3 @@ -#!/usr/bin/env python #sqlparse.py # #This program parses an SQLite3 database for deleted entires and # [DEBUG ] Refreshing modules... # [INFO ] Loading fresh modules for state activity # [DEBUG ] LazyLoaded jinja.render # [DEBUG ] LazyLoaded yaml.render # [INFO ] Completed state [/usr/local/bin/sqlparser.py] at time 14:43:54.301238 duration_in_ms=1197.02 # [DEBUG ] LazyLoaded config.option # [DEBUG ] LazyLoaded file.prepend # [DEBUG ] Module DSC: Only available on Windows systems # [DEBUG ] Module PSGet: Only available on Windows systems # [DEBUG ] Could not LazyLoad acme.cert: 'acme' __virtual__ returned False: The ACME execution module cannot be loaded: letsencrypt-auto not installed. # [DEBUG ] LazyLoaded at.at # [DEBUG ] Could not LazyLoad augeas.execute: 'augeas.execute' is not available. # [DEBUG ] LazyLoaded boto3_elasticache.cache_cluster_exists # [DEBUG ] LazyLoaded boto3_route53.find_hosted_zone # [DEBUG ] LazyLoaded boto_apigateway.describe_apis # [DEBUG ] LazyLoaded boto_asg.exists # [DEBUG ] LazyLoaded boto_cfn.exists # [DEBUG ] LazyLoaded boto_cloudtrail.exists # [DEBUG ] LazyLoaded boto_cloudwatch.get_alarm # [DEBUG ] LazyLoaded boto_cloudwatch_event.exists # [DEBUG ] LazyLoaded boto_cognitoidentity.describe_identity_pools # [DEBUG ] LazyLoaded boto_datapipeline.create_pipeline # [DEBUG ] LazyLoaded boto_dynamodb.exists # [DEBUG ] LazyLoaded boto_ec2.get_key # [DEBUG ] LazyLoaded boto_elasticache.exists # [DEBUG ] LazyLoaded boto_elasticsearch_domain.exists # [DEBUG ] LazyLoaded boto_elb.exists # [DEBUG ] LazyLoaded boto_elbv2.target_group_exists # [DEBUG ] LazyLoaded boto_iam.get_user # [DEBUG ] LazyLoaded boto_iam.role_exists # [DEBUG ] LazyLoaded boto_iot.policy_exists # [DEBUG ] LazyLoaded boto_kinesis.exists # [DEBUG ] LazyLoaded boto_kms.describe_key # [DEBUG ] LazyLoaded boto_lambda.function_exists # [DEBUG ] LazyLoaded boto_asg.exists # [DEBUG ] LazyLoaded boto_rds.exists # [DEBUG ] LazyLoaded boto_route53.get_record # [DEBUG ] LazyLoaded boto_s3_bucket.exists # [DEBUG ] LazyLoaded boto_secgroup.exists # [DEBUG ] LazyLoaded boto_sns.exists # [DEBUG ] LazyLoaded boto_sqs.exists # [DEBUG ] LazyLoaded boto_vpc.exists # [DEBUG ] LazyLoaded bower.list # [DEBUG ] LazyLoaded chef.client # [DEBUG ] LazyLoaded chocolatey.install # [DEBUG ] LazyLoaded cisconso.set_data_value # [DEBUG ] LazyLoaded cyg.list # [DEBUG ] LazyLoaded chassis.cmd # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] LazyLoaded eselect.exec_action # [DEBUG ] LazyLoaded esxi.cmd # [DEBUG ] LazyLoaded github.list_users # [DEBUG ] LazyLoaded glusterfs.list_volumes # [DEBUG ] LazyLoaded elasticsearch.exists # [DEBUG ] LazyLoaded icinga2.generate_ticket # [DEBUG ] LazyLoaded ifttt.trigger_event # [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] LazyLoaded ipset.version # [DEBUG ] LazyLoaded kapacitor.version # [DEBUG ] LazyLoaded keystone.auth # [DEBUG ] LazyLoaded kubernetes.ping # [DEBUG ] LazyLoaded layman.add # [DEBUG ] LazyLoaded lvs.get_rules # [DEBUG ] LazyLoaded lvs.get_rules # [DEBUG ] LazyLoaded makeconf.get_var # [DEBUG ] LazyLoaded memcached.status # [DEBUG ] LazyLoaded mongodb.user_exists # [DEBUG ] LazyLoaded monit.summary # [DEBUG ] LazyLoaded nftables.version # [DEBUG ] LazyLoaded npm.list # [DEBUG ] LazyLoaded nxos.cmd # [DEBUG ] LazyLoaded openvswitch.bridge_create # [DEBUG ] LazyLoaded openvswitch.port_add # [DEBUG ] LazyLoaded pecl.list # [DEBUG ] LazyLoaded portage_config.get_missing_flags # [DEBUG ] LazyLoaded postgres.cluster_exists # [DEBUG ] LazyLoaded postgres.user_exists # [DEBUG ] LazyLoaded postgres.create_extension # [DEBUG ] LazyLoaded postgres.group_create # [DEBUG ] LazyLoaded postgres.datadir_init # [DEBUG ] LazyLoaded postgres.language_create # [DEBUG ] LazyLoaded postgres.privileges_grant # [DEBUG ] LazyLoaded postgres.schema_exists # [DEBUG ] LazyLoaded postgres.tablespace_exists # [DEBUG ] LazyLoaded postgres.user_exists # [DEBUG ] LazyLoaded quota.report # [DEBUG ] Could not LazyLoad rbac.profile_list: 'rbac.profile_list' is not available. # [DEBUG ] LazyLoaded rdp.enable # [DEBUG ] LazyLoaded reg.read_value # [DEBUG ] LazyLoaded selinux.getenforce # [DEBUG ] Could not LazyLoad vmadm.create: 'vmadm.create' is not available. # [DEBUG ] LazyLoaded snapper.diff # [DEBUG ] LazyLoaded splunk.list_users # [DEBUG ] LazyLoaded splunk_search.get # [DEBUG ] LazyLoaded stormpath.create_account # [DEBUG ] LazyLoaded tls.cert_info # [DEBUG ] LazyLoaded tomcat.status # [DEBUG ] LazyLoaded trafficserver.set_config # [DEBUG ] LazyLoaded victorops.create_event # [DEBUG ] LazyLoaded virt.node_info # [DEBUG ] LazyLoaded win_dacl.add_ace # [DEBUG ] LazyLoaded win_dns_client.add_dns # [DEBUG ] Could not LazyLoad firewall.get_config: 'firewall.get_config' is not available. # [DEBUG ] LazyLoaded win_iis.create_site # [DEBUG ] Could not LazyLoad lgpo.set: 'lgpo.set' is not available. # [DEBUG ] LazyLoaded win_path.rehash # [DEBUG ] LazyLoaded win_pki.get_stores # [DEBUG ] LazyLoaded win_servermanager.install # [DEBUG ] LazyLoaded win_smtp_server.get_server_setting # [DEBUG ] LazyLoaded win_snmp.get_agent_settings # [DEBUG ] LazyLoaded xmpp.send_msg # [DEBUG ] LazyLoaded zabbix.host_create # [DEBUG ] LazyLoaded zabbix.hostgroup_create # [DEBUG ] LazyLoaded zabbix.mediatype_create # [DEBUG ] LazyLoaded zabbix.user_create # [DEBUG ] LazyLoaded zabbix.usergroup_create # [DEBUG ] LazyLoaded zk_concurrency.lock # [DEBUG ] LazyLoaded zonecfg.create # [DEBUG ] LazyLoaded zpool.create # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/sqlparser.py] at time 14:43:55.019111 # [INFO ] Executing state file.prepend for [/usr/local/bin/sqlparser.py] # [INFO ] File changed: --- +++ @@ -1,3 +1,4 @@ +#!/usr/bin/env python #sqlparse.py # #This program parses an SQLite3 database for deleted entires and # [INFO ] Completed state [/usr/local/bin/sqlparser.py] at time 14:43:55.021460 duration_in_ms=2.35 # [INFO ] Running state [/usr/local/bin/usbdeviceforensics.py] at time 14:43:55.021643 # [INFO ] Executing state file.managed for [/usr/local/bin/usbdeviceforensics.py] # [DEBUG ] Requesting URL https://raw.githubusercontent.com/woanware/usbdeviceforensics/5a0705d5beca09eab2fd5a47a52240dbc0db5bc9/usbdeviceforensics.py using GET method # [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#!/usr/bin/env python +#!/usr/bin/python # This file is part of usbdeviceforensics. usbdeviceforensics is a python console based port of woanware's # UsbDeviceForensics .Net WinForms GUI application. # [DEBUG ] Refreshing modules... # [INFO ] Loading fresh modules for state activity # [DEBUG ] LazyLoaded jinja.render # [DEBUG ] LazyLoaded yaml.render # [INFO ] Completed state [/usr/local/bin/usbdeviceforensics.py] at time 14:43:55.440096 duration_in_ms=418.452 # [DEBUG ] LazyLoaded config.option # [DEBUG ] LazyLoaded file.replace # [DEBUG ] Module DSC: Only available on Windows systems # [DEBUG ] Module PSGet: Only available on Windows systems # [DEBUG ] Could not LazyLoad acme.cert: 'acme' __virtual__ returned False: The ACME execution module cannot be loaded: letsencrypt-auto not installed. # [DEBUG ] LazyLoaded at.at # [DEBUG ] Could not LazyLoad augeas.execute: 'augeas.execute' is not available. # [DEBUG ] LazyLoaded boto3_elasticache.cache_cluster_exists # [DEBUG ] LazyLoaded boto3_route53.find_hosted_zone # [DEBUG ] LazyLoaded boto_apigateway.describe_apis # [DEBUG ] LazyLoaded boto_asg.exists # [DEBUG ] LazyLoaded boto_cfn.exists # [DEBUG ] LazyLoaded boto_cloudtrail.exists # [DEBUG ] LazyLoaded boto_cloudwatch.get_alarm # [DEBUG ] LazyLoaded boto_cloudwatch_event.exists # [DEBUG ] LazyLoaded boto_cognitoidentity.describe_identity_pools # [DEBUG ] LazyLoaded boto_datapipeline.create_pipeline # [DEBUG ] LazyLoaded boto_dynamodb.exists # [DEBUG ] LazyLoaded boto_ec2.get_key # [DEBUG ] LazyLoaded boto_elasticache.exists # [DEBUG ] LazyLoaded boto_elasticsearch_domain.exists # [DEBUG ] LazyLoaded boto_elb.exists # [DEBUG ] LazyLoaded boto_elbv2.target_group_exists # [DEBUG ] LazyLoaded boto_iam.get_user # [DEBUG ] LazyLoaded boto_iam.role_exists # [DEBUG ] LazyLoaded boto_iot.policy_exists # [DEBUG ] LazyLoaded boto_kinesis.exists # [DEBUG ] LazyLoaded boto_kms.describe_key # [DEBUG ] LazyLoaded boto_lambda.function_exists # [DEBUG ] LazyLoaded boto_asg.exists # [DEBUG ] LazyLoaded boto_rds.exists # [DEBUG ] LazyLoaded boto_route53.get_record # [DEBUG ] LazyLoaded boto_s3_bucket.exists # [DEBUG ] LazyLoaded boto_secgroup.exists # [DEBUG ] LazyLoaded boto_sns.exists # [DEBUG ] LazyLoaded boto_sqs.exists # [DEBUG ] LazyLoaded boto_vpc.exists # [DEBUG ] LazyLoaded bower.list # [DEBUG ] LazyLoaded chef.client # [DEBUG ] LazyLoaded chocolatey.install # [DEBUG ] LazyLoaded cisconso.set_data_value # [DEBUG ] LazyLoaded cyg.list # [DEBUG ] LazyLoaded chassis.cmd # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] LazyLoaded eselect.exec_action # [DEBUG ] LazyLoaded esxi.cmd # [DEBUG ] LazyLoaded github.list_users # [DEBUG ] LazyLoaded glusterfs.list_volumes # [DEBUG ] LazyLoaded elasticsearch.exists # [DEBUG ] LazyLoaded icinga2.generate_ticket # [DEBUG ] LazyLoaded ifttt.trigger_event # [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] LazyLoaded ipset.version # [DEBUG ] LazyLoaded kapacitor.version # [DEBUG ] LazyLoaded keystone.auth # [DEBUG ] LazyLoaded kubernetes.ping # [DEBUG ] LazyLoaded layman.add # [DEBUG ] LazyLoaded lvs.get_rules # [DEBUG ] LazyLoaded lvs.get_rules # [DEBUG ] LazyLoaded makeconf.get_var # [DEBUG ] LazyLoaded memcached.status # [DEBUG ] LazyLoaded mongodb.user_exists # [DEBUG ] LazyLoaded monit.summary # [DEBUG ] LazyLoaded nftables.version # [DEBUG ] LazyLoaded npm.list # [DEBUG ] LazyLoaded nxos.cmd # [DEBUG ] LazyLoaded openvswitch.bridge_create # [DEBUG ] LazyLoaded openvswitch.port_add # [DEBUG ] LazyLoaded pecl.list # [DEBUG ] LazyLoaded portage_config.get_missing_flags # [DEBUG ] LazyLoaded postgres.cluster_exists # [DEBUG ] LazyLoaded postgres.user_exists # [DEBUG ] LazyLoaded postgres.create_extension # [DEBUG ] LazyLoaded postgres.group_create # [DEBUG ] LazyLoaded postgres.datadir_init # [DEBUG ] LazyLoaded postgres.language_create # [DEBUG ] LazyLoaded postgres.privileges_grant # [DEBUG ] LazyLoaded postgres.schema_exists # [DEBUG ] LazyLoaded postgres.tablespace_exists # [DEBUG ] LazyLoaded postgres.user_exists # [DEBUG ] LazyLoaded quota.report # [DEBUG ] Could not LazyLoad rbac.profile_list: 'rbac.profile_list' is not available. # [DEBUG ] LazyLoaded rdp.enable # [DEBUG ] LazyLoaded reg.read_value # [DEBUG ] LazyLoaded selinux.getenforce # [DEBUG ] Could not LazyLoad vmadm.create: 'vmadm.create' is not available. # [DEBUG ] LazyLoaded snapper.diff # [DEBUG ] LazyLoaded splunk.list_users # [DEBUG ] LazyLoaded splunk_search.get # [DEBUG ] LazyLoaded stormpath.create_account # [DEBUG ] LazyLoaded tls.cert_info # [DEBUG ] LazyLoaded tomcat.status # [DEBUG ] LazyLoaded trafficserver.set_config # [DEBUG ] LazyLoaded victorops.create_event # [DEBUG ] LazyLoaded virt.node_info # [DEBUG ] LazyLoaded win_dacl.add_ace # [DEBUG ] LazyLoaded win_dns_client.add_dns # [DEBUG ] Could not LazyLoad firewall.get_config: 'firewall.get_config' is not available. # [DEBUG ] LazyLoaded win_iis.create_site # [DEBUG ] Could not LazyLoad lgpo.set: 'lgpo.set' is not available. # [DEBUG ] LazyLoaded win_path.rehash # [DEBUG ] LazyLoaded win_pki.get_stores # [DEBUG ] LazyLoaded win_servermanager.install # [DEBUG ] LazyLoaded win_smtp_server.get_server_setting # [DEBUG ] LazyLoaded win_snmp.get_agent_settings # [DEBUG ] LazyLoaded xmpp.send_msg # [DEBUG ] LazyLoaded zabbix.host_create # [DEBUG ] LazyLoaded zabbix.hostgroup_create # [DEBUG ] LazyLoaded zabbix.mediatype_create # [DEBUG ] LazyLoaded zabbix.user_create # [DEBUG ] LazyLoaded zabbix.usergroup_create # [DEBUG ] LazyLoaded zk_concurrency.lock # [DEBUG ] LazyLoaded zonecfg.create # [DEBUG ] LazyLoaded zpool.create # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/usbdeviceforensics.py] at time 14:43:56.152965 # [INFO ] Executing state file.replace for [/usr/local/bin/usbdeviceforensics.py] # [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/env python # This file is part of usbdeviceforensics. usbdeviceforensics is a python console based port of woanware's # UsbDeviceForensics .Net WinForms GUI application. # [INFO ] Completed state [/usr/local/bin/usbdeviceforensics.py] at time 14:43:56.158531 duration_in_ms=5.567 # [INFO ] Running state [/usr/local/src/virustotal-search-v0.1.4] at time 14:43:56.158709 # [INFO ] Executing state archive.extracted for [/usr/local/src/virustotal-search-v0.1.4] # [DEBUG ] Requesting URL https://didierstevens.com/files/software/virustotal-search_V0_1_4.zip using GET method # [DEBUG ] file.managed: {'comment': 'File /var/cache/salt/minion/files/base/_files_software_virustotal-search_V0_1_4.zip updated', 'pchanges': {}, 'changes': {'diff': 'New file', 'mode': '0644'}, 'name': '/var/cache/salt/minion/files/base/_files_software_virustotal-search_V0_1_4.zip', 'result': True} # [DEBUG ] Checking https://didierstevens.com/files/software/virustotal-search_V0_1_4.zip to see if it is password-protected # [DEBUG ] Cleaning cached source file /var/cache/salt/minion/files/base/_files_software_virustotal-search_V0_1_4.zip # [INFO ] All files in archive are already present # [INFO ] Completed state [/usr/local/src/virustotal-search-v0.1.4] at time 14:43:57.063894 duration_in_ms=905.182 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/virustotal-search.py] at time 14:43:57.084300 # [INFO ] Executing state file.managed for [/usr/local/bin/virustotal-search.py] # [INFO ] File /usr/local/bin/virustotal-search.py is in the correct state # [INFO ] Completed state [/usr/local/bin/virustotal-search.py] at time 14:43:57.088862 duration_in_ms=4.563 # [INFO ] Running state [/usr/local/src/virustotal-submit-v0.0.3] at time 14:43:57.089451 # [INFO ] Executing state archive.extracted for [/usr/local/src/virustotal-submit-v0.0.3] # [DEBUG ] Requesting URL https://didierstevens.com/files/software/virustotal-submit_V0_0_3.zip using GET method # [DEBUG ] file.managed: {'comment': 'File /var/cache/salt/minion/files/base/_files_software_virustotal-submit_V0_0_3.zip updated', 'pchanges': {}, 'changes': {'diff': 'New file', 'mode': '0644'}, 'name': '/var/cache/salt/minion/files/base/_files_software_virustotal-submit_V0_0_3.zip', 'result': True} # [DEBUG ] Checking https://didierstevens.com/files/software/virustotal-submit_V0_0_3.zip to see if it is password-protected # [DEBUG ] Cleaning cached source file /var/cache/salt/minion/files/base/_files_software_virustotal-submit_V0_0_3.zip # [INFO ] All files in archive are already present # [INFO ] Completed state [/usr/local/src/virustotal-submit-v0.0.3] at time 14:43:57.826207 duration_in_ms=736.754 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/virustotal-submit.py] at time 14:43:57.846713 # [INFO ] Executing state file.managed for [/usr/local/bin/virustotal-submit.py] # [INFO ] File /usr/local/bin/virustotal-submit.py is in the correct state # [INFO ] Completed state [/usr/local/bin/virustotal-submit.py] at time 14:43:57.850518 duration_in_ms=3.806 # [INFO ] Running state [/usr/local/bin/vshot] at time 14:43:57.860627 # [INFO ] Executing state file.managed for [/usr/local/bin/vshot] # [DEBUG ] Requesting URL https://raw.githubusercontent.com/CrowdStrike/Forensics/62d8ae4ed1ca276f2a1ffe251e1750d10538ae52/vshot using GET method # [INFO ] File /usr/local/bin/vshot is in the correct state # [INFO ] Completed state [/usr/local/bin/vshot] at time 14:43:58.095544 duration_in_ms=234.915 # [INFO ] Running state [sift-scripts] at time 14:43:58.159663 # [INFO ] Executing state test.nop for [sift-scripts] # [INFO ] Success! # [INFO ] Completed state [sift-scripts] at time 14:43:58.160422 duration_in_ms=0.76 # [INFO ] Running state [/etc/hostname] at time 14:43:58.160628 # [INFO ] Executing state file.managed for [/etc/hostname] # [INFO ] File /etc/hostname is in the correct state # [INFO ] Completed state [/etc/hostname] at time 14:43:58.168588 duration_in_ms=7.959 # [INFO ] Running state [hostnamectl set-hostname siftworkstation] at time 14:43:58.168803 # [INFO ] Executing state cmd.run for [hostnamectl set-hostname siftworkstation] # [INFO ] Executing command 'test "siftworkstation" = "$(hostname)"' in directory '/home/sansforensics' # [DEBUG ] output: # [DEBUG ] Last command return code: 0 # [INFO ] unless execution succeeded # [INFO ] Completed state [hostnamectl set-hostname siftworkstation] at time 14:43:58.266295 duration_in_ms=97.492 # [INFO ] Running state [siftworkstation] at time 14:43:58.266550 # [INFO ] Executing state host.present for [siftworkstation] # [INFO ] Host siftworkstation (127.0.0.1) already present # [INFO ] Completed state [siftworkstation] at time 14:43:58.267394 duration_in_ms=0.843 # [INFO ] Running state [sansforensics] at time 14:43:58.267550 # [INFO ] Executing state user.present for [sansforensics] # [INFO ] User sansforensics is present and up to date # [INFO ] Completed state [sansforensics] at time 14:43:58.268979 duration_in_ms=1.429 # [INFO ] Running state [/home/sansforensics/.bash_aliases] at time 14:43:58.272028 # [INFO ] Executing state file.append for [/home/sansforensics/.bash_aliases] # [INFO ] File /home/sansforensics/.bash_aliases is in correct state # [INFO ] Completed state [/home/sansforensics/.bash_aliases] at time 14:43:58.273802 duration_in_ms=1.774 # [INFO ] Running state [/root/.bash_aliases] at time 14:43:58.276045 # [INFO ] Executing state file.append for [/root/.bash_aliases] # [INFO ] File /root/.bash_aliases is in correct state # [INFO ] Completed state [/root/.bash_aliases] at time 14:43:58.277077 duration_in_ms=1.032 # [INFO ] Running state [/home/sansforensics/.bashrc] at time 14:43:58.279149 # [INFO ] Executing state file.append for [/home/sansforensics/.bashrc] # [INFO ] File /home/sansforensics/.bashrc is in correct state # [INFO ] Completed state [/home/sansforensics/.bashrc] at time 14:43:58.280641 duration_in_ms=1.492 # [INFO ] Running state [/home/sansforensics/.bashrc] at time 14:43:58.282818 # [INFO ] Executing state file.append for [/home/sansforensics/.bashrc] # [INFO ] File /home/sansforensics/.bashrc is in correct state # [INFO ] Completed state [/home/sansforensics/.bashrc] at time 14:43:58.284740 duration_in_ms=1.921 # [INFO ] Running state [/root/.bashrc] at time 14:43:58.287801 # [INFO ] Executing state file.append for [/root/.bashrc] # [INFO ] File /root/.bashrc is in correct state # [INFO ] Completed state [/root/.bashrc] at time 14:43:58.289074 duration_in_ms=1.273 # [INFO ] Running state [/home/sansforensics/.config/autostart] at time 14:43:58.291104 # [INFO ] Executing state file.directory for [/home/sansforensics/.config/autostart] # [INFO ] Directory /home/sansforensics/.config/autostart is in the correct state Directory /home/sansforensics/.config/autostart updated # [INFO ] Completed state [/home/sansforensics/.config/autostart] at time 14:43:58.292133 duration_in_ms=1.028 # [INFO ] Running state [/home/sansforensics/Desktop] at time 14:43:58.294206 # [INFO ] Executing state file.recurse for [/home/sansforensics/Desktop] # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/Find-Evil-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Find-Evil-Poster.pdf' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/Find-Evil-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Find-Evil-Poster.pdf' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/memory-forensics-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/memory-forensics-cheatsheet.pdf' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/memory-forensics-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/memory-forensics-cheatsheet.pdf' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/SANS-DFIR.pdf' to resolve 'salt://sift/files/sift/resources/SANS-DFIR.pdf' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/SANS-DFIR.pdf' to resolve 'salt://sift/files/sift/resources/SANS-DFIR.pdf' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/network-forensics-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/network-forensics-cheatsheet.pdf' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/network-forensics-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/network-forensics-cheatsheet.pdf' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/Smartphone-Forensics-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Smartphone-Forensics-Poster.pdf' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/Smartphone-Forensics-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Smartphone-Forensics-Poster.pdf' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/Evidence-of-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Evidence-of-Poster.pdf' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/Evidence-of-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Evidence-of-Poster.pdf' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/sift-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/sift-cheatsheet.pdf' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/sift-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/sift-cheatsheet.pdf' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/windows-to-unix-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/windows-to-unix-cheatsheet.pdf' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/windows-to-unix-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/windows-to-unix-cheatsheet.pdf' # [INFO ] The directory /home/sansforensics/Desktop is in the correct state # [INFO ] Completed state [/home/sansforensics/Desktop] at time 14:43:58.548854 duration_in_ms=254.647 # [INFO ] Running state [/home/sansforensics/Desktop] at time 14:43:58.551425 # [INFO ] Executing state file.directory for [/home/sansforensics/Desktop] # [INFO ] Directory /home/sansforensics/Desktop is in the correct state Directory /home/sansforensics/Desktop updated # [INFO ] Completed state [/home/sansforensics/Desktop] at time 14:43:58.552352 duration_in_ms=0.928 # [INFO ] Running state [/home/sansforensics/Desktop/mount_points] at time 14:43:58.556872 # [INFO ] Executing state file.symlink for [/home/sansforensics/Desktop/mount_points] # [INFO ] Symlink /home/sansforensics/Desktop/mount_points is present and owned by sansforensics:sansforensics # [INFO ] Completed state [/home/sansforensics/Desktop/mount_points] at time 14:43:58.557962 duration_in_ms=1.09 # [INFO ] Running state [/home/sansforensics/Desktop/cases] at time 14:43:58.562152 # [INFO ] Executing state file.symlink for [/home/sansforensics/Desktop/cases] # [INFO ] Symlink /home/sansforensics/Desktop/cases is present and owned by sansforensics:sansforensics # [INFO ] Completed state [/home/sansforensics/Desktop/cases] at time 14:43:58.563602 duration_in_ms=1.449 # [INFO ] Running state [/usr/share/backgrounds] at time 14:43:58.563782 # [INFO ] Executing state file.directory for [/usr/share/backgrounds] # [INFO ] Directory /usr/share/backgrounds is in the correct state Directory /usr/share/backgrounds updated # [INFO ] Completed state [/usr/share/backgrounds] at time 14:43:58.564696 duration_in_ms=0.914 # [INFO ] Running state [/usr/share/backgrounds/warty-final-ubuntu.png] at time 14:43:58.571692 # [INFO ] Executing state file.managed for [/usr/share/backgrounds/warty-final-ubuntu.png] # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/images/forensics_blue.jpg' to resolve 'salt://sift/files/sift/images/forensics_blue.jpg' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/images/forensics_blue.jpg' to resolve 'salt://sift/files/sift/images/forensics_blue.jpg' # [INFO ] File /usr/share/backgrounds/warty-final-ubuntu.png is in the correct state # [INFO ] Completed state [/usr/share/backgrounds/warty-final-ubuntu.png] at time 14:43:58.575379 duration_in_ms=3.687 # [INFO ] Running state [/usr/share/unity-greeter] at time 14:43:58.575582 # [INFO ] Executing state file.directory for [/usr/share/unity-greeter] # [INFO ] Directory /usr/share/unity-greeter is in the correct state Directory /usr/share/unity-greeter updated # [INFO ] Completed state [/usr/share/unity-greeter] at time 14:43:58.576334 duration_in_ms=0.752 # [INFO ] Running state [/usr/share/unity-greeter/logo.png] at time 14:43:58.581010 # [INFO ] Executing state file.managed for [/usr/share/unity-greeter/logo.png] # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/images/login_logo.png' to resolve 'salt://sift/files/sift/images/login_logo.png' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/images/login_logo.png' to resolve 'salt://sift/files/sift/images/login_logo.png' # [INFO ] File /usr/share/unity-greeter/logo.png is in the correct state # [INFO ] Completed state [/usr/share/unity-greeter/logo.png] at time 14:43:58.584421 duration_in_ms=3.411 # [INFO ] Running state [/home/sansforensics/.config/autostart/] at time 14:43:58.584613 # [INFO ] Executing state file.directory for [/home/sansforensics/.config/autostart/] # [INFO ] Directory /home/sansforensics/.config/autostart is in the correct state Directory /home/sansforensics/.config/autostart updated # [INFO ] Completed state [/home/sansforensics/.config/autostart/] at time 14:43:58.585403 duration_in_ms=0.79 # [INFO ] Running state [/home/sansforensics/.config/autostart/gnome-terminal.desktop] at time 14:43:58.589870 # [INFO ] Executing state file.managed for [/home/sansforensics/.config/autostart/gnome-terminal.desktop] # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/other/gnome-terminal.desktop' to resolve 'salt://sift/files/sift/other/gnome-terminal.desktop' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/other/gnome-terminal.desktop' to resolve 'salt://sift/files/sift/other/gnome-terminal.desktop' # [INFO ] File /home/sansforensics/.config/autostart/gnome-terminal.desktop is in the correct state # [INFO ] Completed state [/home/sansforensics/.config/autostart/gnome-terminal.desktop] at time 14:43:58.592733 duration_in_ms=2.862 # [INFO ] Running state [sift-config-user] at time 14:43:58.602554 # [INFO ] Executing state test.nop for [sift-config-user] # [INFO ] Success! # [INFO ] Completed state [sift-config-user] at time 14:43:58.603274 duration_in_ms=0.72 # [INFO ] Running state [Etc/UTC] at time 14:43:58.603472 # [INFO ] Executing state timezone.system for [Etc/UTC] # [INFO ] Executing command ['timedatectl'] in directory '/home/sansforensics' # [DEBUG ] stdout: Local time: Thu 2017-09-07 14:43:58 UTC Universal time: Thu 2017-09-07 14:43:58 UTC RTC time: Thu 2017-09-07 14:43:59 Time zone: Etc/UTC (UTC, +0000) Network time on: yes NTP synchronized: yes RTC in local TZ: no # [INFO ] Timezone Etc/UTC already set, UTC already set to Etc/UTC # [INFO ] Completed state [Etc/UTC] at time 14:43:58.797753 duration_in_ms=194.28 # [INFO ] Running state [/cases] at time 14:43:58.805038 # [INFO ] Executing state file.directory for [/cases] # [INFO ] Directory /cases is in the correct state Directory /cases updated # [INFO ] Completed state [/cases] at time 14:43:58.807763 duration_in_ms=2.726 # [INFO ] Running state [/mnt/usb] at time 14:43:58.808222 # [INFO ] Executing state file.directory for [/mnt/usb] # [INFO ] Directory /mnt/usb is in the correct state Directory /mnt/usb updated # [INFO ] Completed state [/mnt/usb] at time 14:43:58.810255 duration_in_ms=2.032 # [INFO ] Running state [/mnt/vss] at time 14:43:58.810623 # [INFO ] Executing state file.directory for [/mnt/vss] # [INFO ] Directory /mnt/vss is in the correct state Directory /mnt/vss updated # [INFO ] Completed state [/mnt/vss] at time 14:43:58.814094 duration_in_ms=3.469 # [INFO ] Running state [/mnt/shadow] at time 14:43:58.814703 # [INFO ] Executing state file.directory for [/mnt/shadow] # [INFO ] Directory /mnt/shadow is in the correct state Directory /mnt/shadow updated # [INFO ] Completed state [/mnt/shadow] at time 14:43:58.818288 duration_in_ms=3.584 # [INFO ] Running state [/mnt/windows_mount] at time 14:43:58.818954 # [INFO ] Executing state file.directory for [/mnt/windows_mount] # [INFO ] Directory /mnt/windows_mount is in the correct state Directory /mnt/windows_mount updated # [INFO ] Completed state [/mnt/windows_mount] at time 14:43:58.822414 duration_in_ms=3.458 # [INFO ] Running state [/mnt/e01] at time 14:43:58.823352 # [INFO ] Executing state file.directory for [/mnt/e01] # [INFO ] Directory /mnt/e01 is in the correct state Directory /mnt/e01 updated # [INFO ] Completed state [/mnt/e01] at time 14:43:58.826702 duration_in_ms=3.35 # [INFO ] Running state [/mnt/aff] at time 14:43:58.827186 # [INFO ] Executing state file.directory for [/mnt/aff] # [INFO ] Directory /mnt/aff is in the correct state Directory /mnt/aff updated # [INFO ] Completed state [/mnt/aff] at time 14:43:58.830660 duration_in_ms=3.473 # [INFO ] Running state [/mnt/ewf] at time 14:43:58.831254 # [INFO ] Executing state file.directory for [/mnt/ewf] # [INFO ] Directory /mnt/ewf is in the correct state Directory /mnt/ewf updated # [INFO ] Completed state [/mnt/ewf] at time 14:43:58.834723 duration_in_ms=3.467 # [INFO ] Running state [/mnt/bde] at time 14:43:58.835285 # [INFO ] Executing state file.directory for [/mnt/bde] # [INFO ] Directory /mnt/bde is in the correct state Directory /mnt/bde updated # [INFO ] Completed state [/mnt/bde] at time 14:43:58.838707 duration_in_ms=3.422 # [INFO ] Running state [/mnt/iscsi] at time 14:43:58.839270 # [INFO ] Executing state file.directory for [/mnt/iscsi] # [INFO ] Directory /mnt/iscsi is in the correct state Directory /mnt/iscsi updated # [INFO ] Completed state [/mnt/iscsi] at time 14:43:58.841629 duration_in_ms=2.36 # [INFO ] Running state [/mnt/windows_mount1] at time 14:43:58.841948 # [INFO ] Executing state file.directory for [/mnt/windows_mount1] # [INFO ] Directory /mnt/windows_mount1 is in the correct state Directory /mnt/windows_mount1 updated # [INFO ] Completed state [/mnt/windows_mount1] at time 14:43:58.843670 duration_in_ms=1.721 # [INFO ] Running state [/mnt/windows_mount2] at time 14:43:58.843959 # [INFO ] Executing state file.directory for [/mnt/windows_mount2] # [INFO ] Directory /mnt/windows_mount2 is in the correct state Directory /mnt/windows_mount2 updated # [INFO ] Completed state [/mnt/windows_mount2] at time 14:43:58.845775 duration_in_ms=1.815 # [INFO ] Running state [/mnt/windows_mount3] at time 14:43:58.846078 # [INFO ] Executing state file.directory for [/mnt/windows_mount3] # [INFO ] Directory /mnt/windows_mount3 is in the correct state Directory /mnt/windows_mount3 updated # [INFO ] Completed state [/mnt/windows_mount3] at time 14:43:58.847778 duration_in_ms=1.699 # [INFO ] Running state [/mnt/windows_mount4] at time 14:43:58.848059 # [INFO ] Executing state file.directory for [/mnt/windows_mount4] # [INFO ] Directory /mnt/windows_mount4 is in the correct state Directory /mnt/windows_mount4 updated # [INFO ] Completed state [/mnt/windows_mount4] at time 14:43:58.849863 duration_in_ms=1.804 # [INFO ] Running state [/mnt/windows_mount5] at time 14:43:58.850381 # [INFO ] Executing state file.directory for [/mnt/windows_mount5] # [INFO ] Directory /mnt/windows_mount5 is in the correct state Directory /mnt/windows_mount5 updated # [INFO ] Completed state [/mnt/windows_mount5] at time 14:43:58.852460 duration_in_ms=2.078 # [INFO ] Running state [/mnt/shadow/vss1] at time 14:43:58.852809 # [INFO ] Executing state file.directory for [/mnt/shadow/vss1] # [INFO ] Directory /mnt/shadow/vss1 is in the correct state Directory /mnt/shadow/vss1 updated # [INFO ] Completed state [/mnt/shadow/vss1] at time 14:43:58.854551 duration_in_ms=1.742 # [INFO ] Running state [/mnt/shadow/vss2] at time 14:43:58.854875 # [INFO ] Executing state file.directory for [/mnt/shadow/vss2] # [INFO ] Directory /mnt/shadow/vss2 is in the correct state Directory /mnt/shadow/vss2 updated # [INFO ] Completed state [/mnt/shadow/vss2] at time 14:43:58.856584 duration_in_ms=1.708 # [INFO ] Running state [/mnt/shadow/vss3] at time 14:43:58.856860 # [INFO ] Executing state file.directory for [/mnt/shadow/vss3] # [INFO ] Directory /mnt/shadow/vss3 is in the correct state Directory /mnt/shadow/vss3 updated # [INFO ] Completed state [/mnt/shadow/vss3] at time 14:43:58.858587 duration_in_ms=1.726 # [INFO ] Running state [/mnt/shadow/vss4] at time 14:43:58.858897 # [INFO ] Executing state file.directory for [/mnt/shadow/vss4] # [INFO ] Directory /mnt/shadow/vss4 is in the correct state Directory /mnt/shadow/vss4 updated # [INFO ] Completed state [/mnt/shadow/vss4] at time 14:43:58.860701 duration_in_ms=1.803 # [INFO ] Running state [/mnt/shadow/vss5] at time 14:43:58.861020 # [INFO ] Executing state file.directory for [/mnt/shadow/vss5] # [INFO ] Directory /mnt/shadow/vss5 is in the correct state Directory /mnt/shadow/vss5 updated # [INFO ] Completed state [/mnt/shadow/vss5] at time 14:43:58.862732 duration_in_ms=1.711 # [INFO ] Running state [/mnt/shadow/vss6] at time 14:43:58.863008 # [INFO ] Executing state file.directory for [/mnt/shadow/vss6] # [INFO ] Directory /mnt/shadow/vss6 is in the correct state Directory /mnt/shadow/vss6 updated # [INFO ] Completed state [/mnt/shadow/vss6] at time 14:43:58.864769 duration_in_ms=1.76 # [INFO ] Running state [/mnt/shadow/vss7] at time 14:43:58.865035 # [INFO ] Executing state file.directory for [/mnt/shadow/vss7] # [INFO ] Directory /mnt/shadow/vss7 is in the correct state Directory /mnt/shadow/vss7 updated # [INFO ] Completed state [/mnt/shadow/vss7] at time 14:43:58.867055 duration_in_ms=2.018 # [INFO ] Running state [/mnt/shadow/vss8] at time 14:43:58.867420 # [INFO ] Executing state file.directory for [/mnt/shadow/vss8] # [INFO ] Directory /mnt/shadow/vss8 is in the correct state Directory /mnt/shadow/vss8 updated # [INFO ] Completed state [/mnt/shadow/vss8] at time 14:43:58.869548 duration_in_ms=2.127 # [INFO ] Running state [/mnt/shadow/vss9] at time 14:43:58.869865 # [INFO ] Executing state file.directory for [/mnt/shadow/vss9] # [INFO ] Directory /mnt/shadow/vss9 is in the correct state Directory /mnt/shadow/vss9 updated # [INFO ] Completed state [/mnt/shadow/vss9] at time 14:43:58.871101 duration_in_ms=1.236 # [INFO ] Running state [/mnt/shadow/vss10] at time 14:43:58.871293 # [INFO ] Executing state file.directory for [/mnt/shadow/vss10] # [INFO ] Directory /mnt/shadow/vss10 is in the correct state Directory /mnt/shadow/vss10 updated # [INFO ] Completed state [/mnt/shadow/vss10] at time 14:43:58.872375 duration_in_ms=1.082 # [INFO ] Running state [/mnt/shadow/vss11] at time 14:43:58.872545 # [INFO ] Executing state file.directory for [/mnt/shadow/vss11] # [INFO ] Directory /mnt/shadow/vss11 is in the correct state Directory /mnt/shadow/vss11 updated # [INFO ] Completed state [/mnt/shadow/vss11] at time 14:43:58.873606 duration_in_ms=1.061 # [INFO ] Running state [/mnt/shadow/vss12] at time 14:43:58.873769 # [INFO ] Executing state file.directory for [/mnt/shadow/vss12] # [INFO ] Directory /mnt/shadow/vss12 is in the correct state Directory /mnt/shadow/vss12 updated # [INFO ] Completed state [/mnt/shadow/vss12] at time 14:43:58.874811 duration_in_ms=1.042 # [INFO ] Running state [/mnt/shadow/vss13] at time 14:43:58.874974 # [INFO ] Executing state file.directory for [/mnt/shadow/vss13] # [INFO ] Directory /mnt/shadow/vss13 is in the correct state Directory /mnt/shadow/vss13 updated # [INFO ] Completed state [/mnt/shadow/vss13] at time 14:43:58.876057 duration_in_ms=1.083 # [INFO ] Running state [/mnt/shadow/vss14] at time 14:43:58.876266 # [INFO ] Executing state file.directory for [/mnt/shadow/vss14] # [INFO ] Directory /mnt/shadow/vss14 is in the correct state Directory /mnt/shadow/vss14 updated # [INFO ] Completed state [/mnt/shadow/vss14] at time 14:43:58.877277 duration_in_ms=1.011 # [INFO ] Running state [/mnt/shadow/vss15] at time 14:43:58.877445 # [INFO ] Executing state file.directory for [/mnt/shadow/vss15] # [INFO ] Directory /mnt/shadow/vss15 is in the correct state Directory /mnt/shadow/vss15 updated # [INFO ] Completed state [/mnt/shadow/vss15] at time 14:43:58.878462 duration_in_ms=1.017 # [INFO ] Running state [/mnt/shadow/vss16] at time 14:43:58.878629 # [INFO ] Executing state file.directory for [/mnt/shadow/vss16] # [INFO ] Directory /mnt/shadow/vss16 is in the correct state Directory /mnt/shadow/vss16 updated # [INFO ] Completed state [/mnt/shadow/vss16] at time 14:43:58.879616 duration_in_ms=0.987 # [INFO ] Running state [/mnt/shadow/vss17] at time 14:43:58.879780 # [INFO ] Executing state file.directory for [/mnt/shadow/vss17] # [INFO ] Directory /mnt/shadow/vss17 is in the correct state Directory /mnt/shadow/vss17 updated # [INFO ] Completed state [/mnt/shadow/vss17] at time 14:43:58.880810 duration_in_ms=1.03 # [INFO ] Running state [/mnt/shadow/vss18] at time 14:43:58.880976 # [INFO ] Executing state file.directory for [/mnt/shadow/vss18] # [INFO ] Directory /mnt/shadow/vss18 is in the correct state Directory /mnt/shadow/vss18 updated # [INFO ] Completed state [/mnt/shadow/vss18] at time 14:43:58.881993 duration_in_ms=1.017 # [INFO ] Running state [/mnt/shadow/vss19] at time 14:43:58.882159 # [INFO ] Executing state file.directory for [/mnt/shadow/vss19] # [INFO ] Directory /mnt/shadow/vss19 is in the correct state Directory /mnt/shadow/vss19 updated # [INFO ] Completed state [/mnt/shadow/vss19] at time 14:43:58.883240 duration_in_ms=1.081 # [INFO ] Running state [/mnt/shadow/vss20] at time 14:43:58.883412 # [INFO ] Executing state file.directory for [/mnt/shadow/vss20] # [INFO ] Directory /mnt/shadow/vss20 is in the correct state Directory /mnt/shadow/vss20 updated # [INFO ] Completed state [/mnt/shadow/vss20] at time 14:43:58.884415 duration_in_ms=1.002 # [INFO ] Running state [/mnt/shadow/vss21] at time 14:43:58.884579 # [INFO ] Executing state file.directory for [/mnt/shadow/vss21] # [INFO ] Directory /mnt/shadow/vss21 is in the correct state Directory /mnt/shadow/vss21 updated # [INFO ] Completed state [/mnt/shadow/vss21] at time 14:43:58.885561 duration_in_ms=0.982 # [INFO ] Running state [/mnt/shadow/vss22] at time 14:43:58.885728 # [INFO ] Executing state file.directory for [/mnt/shadow/vss22] # [INFO ] Directory /mnt/shadow/vss22 is in the correct state Directory /mnt/shadow/vss22 updated # [INFO ] Completed state [/mnt/shadow/vss22] at time 14:43:58.886705 duration_in_ms=0.977 # [INFO ] Running state [/mnt/shadow/vss23] at time 14:43:58.886868 # [INFO ] Executing state file.directory for [/mnt/shadow/vss23] # [INFO ] Directory /mnt/shadow/vss23 is in the correct state Directory /mnt/shadow/vss23 updated # [INFO ] Completed state [/mnt/shadow/vss23] at time 14:43:58.887832 duration_in_ms=0.964 # [INFO ] Running state [/mnt/shadow/vss24] at time 14:43:58.887995 # [INFO ] Executing state file.directory for [/mnt/shadow/vss24] # [INFO ] Directory /mnt/shadow/vss24 is in the correct state Directory /mnt/shadow/vss24 updated # [INFO ] Completed state [/mnt/shadow/vss24] at time 14:43:58.889009 duration_in_ms=1.014 # [INFO ] Running state [/mnt/shadow/vss25] at time 14:43:58.889174 # [INFO ] Executing state file.directory for [/mnt/shadow/vss25] # [INFO ] Directory /mnt/shadow/vss25 is in the correct state Directory /mnt/shadow/vss25 updated # [INFO ] Completed state [/mnt/shadow/vss25] at time 14:43:58.890164 duration_in_ms=0.989 # [INFO ] Running state [/mnt/shadow/vss26] at time 14:43:58.890375 # [INFO ] Executing state file.directory for [/mnt/shadow/vss26] # [INFO ] Directory /mnt/shadow/vss26 is in the correct state Directory /mnt/shadow/vss26 updated # [INFO ] Completed state [/mnt/shadow/vss26] at time 14:43:58.891350 duration_in_ms=0.974 # [INFO ] Running state [/mnt/shadow/vss27] at time 14:43:58.891516 # [INFO ] Executing state file.directory for [/mnt/shadow/vss27] # [INFO ] Directory /mnt/shadow/vss27 is in the correct state Directory /mnt/shadow/vss27 updated # [INFO ] Completed state [/mnt/shadow/vss27] at time 14:43:58.892516 duration_in_ms=1.0 # [INFO ] Running state [/mnt/shadow/vss28] at time 14:43:58.892682 # [INFO ] Executing state file.directory for [/mnt/shadow/vss28] # [INFO ] Directory /mnt/shadow/vss28 is in the correct state Directory /mnt/shadow/vss28 updated # [INFO ] Completed state [/mnt/shadow/vss28] at time 14:43:58.893662 duration_in_ms=0.98 # [INFO ] Running state [/mnt/shadow/vss29] at time 14:43:58.893825 # [INFO ] Executing state file.directory for [/mnt/shadow/vss29] # [INFO ] Directory /mnt/shadow/vss29 is in the correct state Directory /mnt/shadow/vss29 updated # [INFO ] Completed state [/mnt/shadow/vss29] at time 14:43:58.894769 duration_in_ms=0.943 # [INFO ] Running state [/mnt/shadow/vss30] at time 14:43:58.894919 # [INFO ] Executing state file.directory for [/mnt/shadow/vss30] # [INFO ] Directory /mnt/shadow/vss30 is in the correct state Directory /mnt/shadow/vss30 updated # [INFO ] Completed state [/mnt/shadow/vss30] at time 14:43:58.895868 duration_in_ms=0.947 # [INFO ] Running state [salt-minion] at time 14:43:58.896024 # [INFO ] Executing state service.dead for [salt-minion] # [INFO ] Executing command ['systemctl', 'status', 'salt-minion.service', '-n', '0'] in directory '/home/sansforensics' # [DEBUG ] stdout: * salt-minion.service - The Salt Minion Loaded: loaded (/lib/systemd/system/salt-minion.service; disabled; vendor preset: enabled) Active: inactive (dead) Docs: man:salt-minion(1) file:///usr/share/doc/salt/html/contents.html https://docs.saltstack.com/en/latest/contents.html # [DEBUG ] retcode: 3 # [INFO ] Executing command ['systemctl', 'is-active', 'salt-minion.service'] in directory '/home/sansforensics' # [DEBUG ] output: inactive # [INFO ] Executing command ['systemctl', 'is-enabled', 'salt-minion.service'] in directory '/home/sansforensics' # [DEBUG ] output: disabled # [DEBUG ] sysvinit script 'x11-common' found, but systemd unit 'x11-common.service' already exists # [DEBUG ] sysvinit script 'networking' found, but systemd unit 'networking.service' already exists # [DEBUG ] sysvinit script 'umountfs' found, but systemd unit 'umountfs.service' already exists # [DEBUG ] sysvinit script 'network-manager' found, but systemd unit 'network-manager.service' already exists # [DEBUG ] sysvinit script 'open-iscsi' found, but systemd unit 'open-iscsi.service' already exists # [DEBUG ] sysvinit script 'sendsigs' found, but systemd unit 'sendsigs.service' already exists # [DEBUG ] sysvinit script 'killprocs' found, but systemd unit 'killprocs.service' already exists # [DEBUG ] sysvinit script 'console-setup' found, but systemd unit 'console-setup.service' already exists # [DEBUG ] sysvinit script 'docker' found, but systemd unit 'docker.service' already exists # [DEBUG ] sysvinit script 'anacron' found, but systemd unit 'anacron.service' already exists # [DEBUG ] sysvinit script 'salt-minion' found, but systemd unit 'salt-minion.service' already exists # [DEBUG ] sysvinit script 'samba' found, but systemd unit 'samba.service' already exists # [DEBUG ] sysvinit script 'keyboard-setup' found, but systemd unit 'keyboard-setup.service' already exists # [DEBUG ] sysvinit script 'cron' found, but systemd unit 'cron.service' already exists # [DEBUG ] sysvinit script 'kerneloops' found, but systemd unit 'kerneloops.service' already exists # [DEBUG ] sysvinit script 'kmod' found, but systemd unit 'kmod.service' already exists # [DEBUG ] sysvinit script 'lightdm' found, but systemd unit 'lightdm.service' already exists # [DEBUG ] sysvinit script 'reboot' found, but systemd unit 'reboot.service' already exists # [DEBUG ] sysvinit script 'alsa-utils' found, but systemd unit 'alsa-utils.service' already exists # [DEBUG ] sysvinit script 'pppd-dns' found, but systemd unit 'pppd-dns.service' already exists # [DEBUG ] sysvinit script 'binfmt-support' found, but systemd unit 'binfmt-support.service' already exists # [DEBUG ] sysvinit script 'clamav-freshclam' found, but systemd unit 'clamav-freshclam.service' already exists # [DEBUG ] sysvinit script 'iscsid' found, but systemd unit 'iscsid.service' already exists # [DEBUG ] sysvinit script 'brltty' found, but systemd unit 'brltty.service' already exists # [DEBUG ] sysvinit script 'rc.local' found, but systemd unit 'rc.local.service' already exists # [DEBUG ] sysvinit script 'urandom' found, but systemd unit 'urandom.service' already exists # [DEBUG ] sysvinit script 'saned' found, but systemd unit 'saned.service' already exists # [DEBUG ] sysvinit script 'nfdump' found, but systemd unit 'nfdump.service' already exists # [DEBUG ] sysvinit script 'single' found, but systemd unit 'single.service' already exists # [DEBUG ] sysvinit script 'rcS' found, but systemd unit 'rcS.service' already exists # [DEBUG ] sysvinit script 'udev' found, but systemd unit 'udev.service' already exists # [DEBUG ] sysvinit script 'rc' found, but systemd unit 'rc.service' already exists # [DEBUG ] sysvinit script 'cryptdisks' found, but systemd unit 'cryptdisks.service' already exists # [DEBUG ] sysvinit script 'cups' found, but systemd unit 'cups.service' already exists # [DEBUG ] sysvinit script 'uuidd' found, but systemd unit 'uuidd.service' already exists # [DEBUG ] sysvinit script 'acpid' found, but systemd unit 'acpid.service' already exists # [DEBUG ] sysvinit script 'ufw' found, but systemd unit 'ufw.service' already exists # [DEBUG ] sysvinit script 'resolvconf' found, but systemd unit 'resolvconf.service' already exists # [DEBUG ] sysvinit script 'thermald' found, but systemd unit 'thermald.service' already exists # [DEBUG ] sysvinit script 'cups-browsed' found, but systemd unit 'cups-browsed.service' already exists # [DEBUG ] sysvinit script 'dns-clean' found, but systemd unit 'dns-clean.service' already exists # [DEBUG ] sysvinit script 'umountroot' found, but systemd unit 'umountroot.service' already exists # [DEBUG ] sysvinit script 'halt' found, but systemd unit 'halt.service' already exists # [DEBUG ] sysvinit script 'dbus' found, but systemd unit 'dbus.service' already exists # [DEBUG ] sysvinit script 'cryptdisks-early' found, but systemd unit 'cryptdisks-early.service' already exists # [DEBUG ] sysvinit script 'unattended-upgrades' found, but systemd unit 'unattended-upgrades.service' already exists # [DEBUG ] sysvinit script 'bluetooth' found, but systemd unit 'bluetooth.service' already exists # [DEBUG ] sysvinit script 'whoopsie' found, but systemd unit 'whoopsie.service' already exists # [DEBUG ] sysvinit script 'rsyslog' found, but systemd unit 'rsyslog.service' already exists # [DEBUG ] sysvinit script 'rsync' found, but systemd unit 'rsync.service' already exists # [DEBUG ] sysvinit script 'procps' found, but systemd unit 'procps.service' already exists # [DEBUG ] sysvinit script 'avahi-daemon' found, but systemd unit 'avahi-daemon.service' already exists # [DEBUG ] sysvinit script 'plymouth-log' found, but systemd unit 'plymouth-log.service' already exists # [DEBUG ] sysvinit script 'plymouth' found, but systemd unit 'plymouth.service' already exists # [DEBUG ] sysvinit script 'open-vm-tools' found, but systemd unit 'open-vm-tools.service' already exists # [INFO ] The service salt-minion is already dead # [INFO ] Completed state [salt-minion] at time 14:43:59.256871 duration_in_ms=360.847 # [INFO ] Running state [/etc/samba/smb.conf] at time 14:43:59.259978 # [INFO ] Executing state file.managed for [/etc/samba/smb.conf] # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/samba/smb.conf' to resolve 'salt://sift/files/samba/smb.conf' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/samba/smb.conf' to resolve 'salt://sift/files/samba/smb.conf' # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [INFO ] File /etc/samba/smb.conf is in the correct state # [INFO ] Completed state [/etc/samba/smb.conf] at time 14:43:59.272329 duration_in_ms=12.35 # [INFO ] Running state [smbd] at time 14:43:59.275542 # [INFO ] Executing state service.running for [smbd] # [INFO ] Executing command ['systemctl', 'status', 'smbd.service', '-n', '0'] in directory '/home/sansforensics' # [DEBUG ] stdout: * smbd.service - LSB: start Samba SMB/CIFS daemon (smbd) Loaded: loaded (/etc/init.d/smbd; bad; vendor preset: enabled) Active: active (running) since Thu 2017-09-07 14:17:45 UTC; 26min ago Docs: man:systemd-sysv-generator(8) Process: 21373 ExecStop=/etc/init.d/smbd stop (code=exited, status=0/SUCCESS) Process: 21387 ExecStart=/etc/init.d/smbd start (code=exited, status=0/SUCCESS) Tasks: 4 Memory: 10.9M CPU: 298ms CGroup: /system.slice/smbd.service |-21418 /usr/sbin/smbd -D |-21421 /usr/sbin/smbd -D |-21427 /usr/sbin/smbd -D `-21558 /usr/sbin/smbd -D # [INFO ] Executing command ['systemctl', 'is-active', 'smbd.service'] in directory '/home/sansforensics' # [DEBUG ] output: active # [INFO ] Executing command ['systemctl', 'is-enabled', 'smbd.service'] in directory '/home/sansforensics' # [DEBUG ] output: smbd.service is not a native service, redirecting to systemd-sysv-install Executing /lib/systemd/systemd-sysv-install is-enabled smbd enabled # [INFO ] The service smbd is already running # [INFO ] Completed state [smbd] at time 14:43:59.585645 duration_in_ms=310.102 # [INFO ] Running state [nmbd] at time 14:43:59.588789 # [INFO ] Executing state service.running for [nmbd] # [INFO ] Executing command ['systemctl', 'status', 'nmbd.service', '-n', '0'] in directory '/home/sansforensics' # [DEBUG ] stdout: * nmbd.service - LSB: start Samba NetBIOS nameserver (nmbd) Loaded: loaded (/etc/init.d/nmbd; bad; vendor preset: enabled) Active: active (running) since Thu 2017-09-07 14:17:47 UTC; 26min ago Docs: man:systemd-sysv-generator(8) Process: 21449 ExecStop=/etc/init.d/nmbd stop (code=exited, status=0/SUCCESS) Process: 21463 ExecStart=/etc/init.d/nmbd start (code=exited, status=0/SUCCESS) Tasks: 1 Memory: 5.3M CPU: 307ms CGroup: /system.slice/nmbd.service `-21491 /usr/sbin/nmbd -D # [INFO ] Executing command ['systemctl', 'is-active', 'nmbd.service'] in directory '/home/sansforensics' # [DEBUG ] output: active # [INFO ] Executing command ['systemctl', 'is-enabled', 'nmbd.service'] in directory '/home/sansforensics' # [DEBUG ] output: nmbd.service is not a native service, redirecting to systemd-sysv-install Executing /lib/systemd/systemd-sysv-install is-enabled nmbd enabled # [INFO ] The service nmbd is already running # [INFO ] Completed state [nmbd] at time 14:43:59.860423 duration_in_ms=271.632 # [INFO ] Running state [sift-config] at time 14:43:59.869315 # [INFO ] Executing state test.nop for [sift-config] # [INFO ] Success! # [INFO ] Completed state [sift-config] at time 14:43:59.869953 duration_in_ms=0.638 # [DEBUG ] File /var/cache/salt/minion/accumulator/139960391847376 does not exist, no need to cleanup. # [DEBUG ] LazyLoaded yaml.output local: archive_|-sift-scripts-virustotal-search-archive_|-/usr/local/src/virustotal-search-v0.1.4_|-extracted: __id__: sift-scripts-virustotal-search-archive __run_num__: 419 __sls__: sift.scripts.virustotal-tools changes: {} comment: All files in archive are already present duration: 905.182 name: /usr/local/src/virustotal-search-v0.1.4 result: true start_time: '14:43:56.158712' archive_|-sift-scripts-virustotal-submit-archive_|-/usr/local/src/virustotal-submit-v0.0.3_|-extracted: __id__: sift-scripts-virustotal-submit-archive __run_num__: 421 __sls__: sift.scripts.virustotal-tools changes: {} comment: All files in archive are already present duration: 736.754 name: /usr/local/src/virustotal-submit-v0.0.3 result: true start_time: '14:43:57.089453' archive_|-sift-tool-densityscout-archive_|-/usr/local/src/densityscout/densityscout_build_45_linux_|-extracted: __id__: sift-tool-densityscout-archive __run_num__: 270 __sls__: sift.tools.densityscout changes: {} comment: /usr/local/bin/densityscout-build-45 exists duration: 350.581 name: /usr/local/src/densityscout/densityscout_build_45_linux result: true start_time: '14:43:19.929972' cmd_|-hostname-set-hostname_|-hostnamectl set-hostname siftworkstation_|-run: __id__: hostname-set-hostname __run_num__: 426 __sls__: sift.config.hostname changes: {} comment: unless execution succeeded duration: 97.492 name: hostnamectl set-hostname siftworkstation result: true skip_watch: true start_time: '14:43:58.168803' ? cmd_|-sift-package-perl-cpan-configure_|-perl -MCPAN -e 'my $c = "CPAN::HandleConfig"; $c->load(doit => 1, autoconfig => 1); $c->edit(prerequisites_policy => "follow"); $c->edit(build_requires_install_policy => "yes"); $c->commit'_|-wait : __id__: sift-package-perl-cpan-configure __run_num__: 141 __sls__: sift.packages.perl changes: {} comment: '' duration: 0.63 name: perl -MCPAN -e 'my $c = "CPAN::HandleConfig"; $c->load(doit => 1, autoconfig => 1); $c->edit(prerequisites_policy => "follow"); $c->edit(build_requires_install_policy => "yes"); $c->commit' result: true start_time: '14:41:15.496921' ? 'cmd_|-sift-scripts-regripper-plugins-all_|-grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/all_|-wait' : __id__: sift-scripts-regripper-plugins-all __run_num__: 392 __sls__: sift.scripts.regripper changes: pid: 23381 retcode: 0 stderr: '' stdout: '' comment: 'Command "grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/all" run' duration: 117.832 name: 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/all' result: true start_time: '14:43:50.429541' ? 'cmd_|-sift-scripts-regripper-plugins-ntuser_|-grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/ntuser_|-wait' : __id__: sift-scripts-regripper-plugins-ntuser __run_num__: 394 __sls__: sift.scripts.regripper changes: pid: 23398 retcode: 0 stderr: '' stdout: '' comment: 'Command "grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/ntuser" run' duration: 214.449 name: 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/ntuser' result: true start_time: '14:43:50.551052' ? 'cmd_|-sift-scripts-regripper-plugins-sam_|-grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/sam_|-wait' : __id__: sift-scripts-regripper-plugins-sam __run_num__: 398 __sls__: sift.scripts.regripper changes: pid: 23573 retcode: 0 stderr: '' stdout: '' comment: 'Command "grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/sam" run' duration: 132.442 name: 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/sam' result: true start_time: '14:43:50.906637' ? 'cmd_|-sift-scripts-regripper-plugins-security_|-grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/security_|-wait' : __id__: sift-scripts-regripper-plugins-security __run_num__: 400 __sls__: sift.scripts.regripper changes: pid: 23581 retcode: 0 stderr: '' stdout: '' comment: 'Command "grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/security" run' duration: 93.596 name: 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/security' result: true start_time: '14:43:51.042889' ? 'cmd_|-sift-scripts-regripper-plugins-software_|-grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/software_|-wait' : __id__: sift-scripts-regripper-plugins-software __run_num__: 402 __sls__: sift.scripts.regripper changes: pid: 23593 retcode: 0 stderr: '' stdout: '' comment: 'Command "grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/software" run' duration: 230.346 name: 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/software' result: true start_time: '14:43:51.140026' ? 'cmd_|-sift-scripts-regripper-plugins-system_|-grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/system_|-wait' : __id__: sift-scripts-regripper-plugins-system __run_num__: 404 __sls__: sift.scripts.regripper changes: pid: 23698 retcode: 0 stderr: '' stdout: '' comment: 'Command "grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/system" run' duration: 225.605 name: 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/system' result: true start_time: '14:43:51.382720' ? 'cmd_|-sift-scripts-regripper-plugins-usrclass_|-grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/usrclass_|-wait' : __id__: sift-scripts-regripper-plugins-usrclass __run_num__: 396 __sls__: sift.scripts.regripper changes: pid: 23559 retcode: 0 stderr: '' stdout: '' comment: 'Command "grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/usrclass" run' duration: 133.77 name: 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/usrclass' result: true start_time: '14:43:50.769205' cmd_|-sift-wine-i386-arch_|-dpkg --add-architecture i386_|-run: __id__: sift-wine-i386-arch __run_num__: 237 __sls__: sift.packages.wine changes: {} comment: unless execution succeeded duration: 86.589 name: dpkg --add-architecture i386 result: true skip_watch: true start_time: '14:42:16.318367' file_|-/mnt/aff_|-/mnt/aff_|-directory: __id__: /mnt/aff __run_num__: 453 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/aff is in the correct state Directory /mnt/aff updated' duration: 3.473 name: /mnt/aff pchanges: {} result: true start_time: '14:43:58.827187' file_|-/mnt/bde_|-/mnt/bde_|-directory: __id__: /mnt/bde __run_num__: 455 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/bde is in the correct state Directory /mnt/bde updated' duration: 3.422 name: /mnt/bde pchanges: {} result: true start_time: '14:43:58.835285' file_|-/mnt/e01_|-/mnt/e01_|-directory: __id__: /mnt/e01 __run_num__: 452 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/e01 is in the correct state Directory /mnt/e01 updated' duration: 3.35 name: /mnt/e01 pchanges: {} result: true start_time: '14:43:58.823352' file_|-/mnt/ewf_|-/mnt/ewf_|-directory: __id__: /mnt/ewf __run_num__: 454 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/ewf is in the correct state Directory /mnt/ewf updated' duration: 3.467 name: /mnt/ewf pchanges: {} result: true start_time: '14:43:58.831256' file_|-/mnt/iscsi_|-/mnt/iscsi_|-directory: __id__: /mnt/iscsi __run_num__: 456 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/iscsi is in the correct state Directory /mnt/iscsi updated' duration: 2.36 name: /mnt/iscsi pchanges: {} result: true start_time: '14:43:58.839269' file_|-/mnt/shadow/vss10_|-/mnt/shadow/vss10_|-directory: __id__: /mnt/shadow/vss10 __run_num__: 471 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss10 is in the correct state Directory /mnt/shadow/vss10 updated' duration: 1.082 name: /mnt/shadow/vss10 pchanges: {} result: true start_time: '14:43:58.871293' file_|-/mnt/shadow/vss11_|-/mnt/shadow/vss11_|-directory: __id__: /mnt/shadow/vss11 __run_num__: 472 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss11 is in the correct state Directory /mnt/shadow/vss11 updated' duration: 1.061 name: /mnt/shadow/vss11 pchanges: {} result: true start_time: '14:43:58.872545' file_|-/mnt/shadow/vss12_|-/mnt/shadow/vss12_|-directory: __id__: /mnt/shadow/vss12 __run_num__: 473 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss12 is in the correct state Directory /mnt/shadow/vss12 updated' duration: 1.042 name: /mnt/shadow/vss12 pchanges: {} result: true start_time: '14:43:58.873769' file_|-/mnt/shadow/vss13_|-/mnt/shadow/vss13_|-directory: __id__: /mnt/shadow/vss13 __run_num__: 474 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss13 is in the correct state Directory /mnt/shadow/vss13 updated' duration: 1.083 name: /mnt/shadow/vss13 pchanges: {} result: true start_time: '14:43:58.874974' file_|-/mnt/shadow/vss14_|-/mnt/shadow/vss14_|-directory: __id__: /mnt/shadow/vss14 __run_num__: 475 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss14 is in the correct state Directory /mnt/shadow/vss14 updated' duration: 1.011 name: /mnt/shadow/vss14 pchanges: {} result: true start_time: '14:43:58.876266' file_|-/mnt/shadow/vss15_|-/mnt/shadow/vss15_|-directory: __id__: /mnt/shadow/vss15 __run_num__: 476 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss15 is in the correct state Directory /mnt/shadow/vss15 updated' duration: 1.017 name: /mnt/shadow/vss15 pchanges: {} result: true start_time: '14:43:58.877445' file_|-/mnt/shadow/vss16_|-/mnt/shadow/vss16_|-directory: __id__: /mnt/shadow/vss16 __run_num__: 477 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss16 is in the correct state Directory /mnt/shadow/vss16 updated' duration: 0.987 name: /mnt/shadow/vss16 pchanges: {} result: true start_time: '14:43:58.878629' file_|-/mnt/shadow/vss17_|-/mnt/shadow/vss17_|-directory: __id__: /mnt/shadow/vss17 __run_num__: 478 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss17 is in the correct state Directory /mnt/shadow/vss17 updated' duration: 1.03 name: /mnt/shadow/vss17 pchanges: {} result: true start_time: '14:43:58.879780' file_|-/mnt/shadow/vss18_|-/mnt/shadow/vss18_|-directory: __id__: /mnt/shadow/vss18 __run_num__: 479 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss18 is in the correct state Directory /mnt/shadow/vss18 updated' duration: 1.017 name: /mnt/shadow/vss18 pchanges: {} result: true start_time: '14:43:58.880976' file_|-/mnt/shadow/vss19_|-/mnt/shadow/vss19_|-directory: __id__: /mnt/shadow/vss19 __run_num__: 480 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss19 is in the correct state Directory /mnt/shadow/vss19 updated' duration: 1.081 name: /mnt/shadow/vss19 pchanges: {} result: true start_time: '14:43:58.882159' file_|-/mnt/shadow/vss1_|-/mnt/shadow/vss1_|-directory: __id__: /mnt/shadow/vss1 __run_num__: 462 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss1 is in the correct state Directory /mnt/shadow/vss1 updated' duration: 1.742 name: /mnt/shadow/vss1 pchanges: {} result: true start_time: '14:43:58.852809' file_|-/mnt/shadow/vss20_|-/mnt/shadow/vss20_|-directory: __id__: /mnt/shadow/vss20 __run_num__: 481 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss20 is in the correct state Directory /mnt/shadow/vss20 updated' duration: 1.002 name: /mnt/shadow/vss20 pchanges: {} result: true start_time: '14:43:58.883413' file_|-/mnt/shadow/vss21_|-/mnt/shadow/vss21_|-directory: __id__: /mnt/shadow/vss21 __run_num__: 482 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss21 is in the correct state Directory /mnt/shadow/vss21 updated' duration: 0.982 name: /mnt/shadow/vss21 pchanges: {} result: true start_time: '14:43:58.884579' file_|-/mnt/shadow/vss22_|-/mnt/shadow/vss22_|-directory: __id__: /mnt/shadow/vss22 __run_num__: 483 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss22 is in the correct state Directory /mnt/shadow/vss22 updated' duration: 0.977 name: /mnt/shadow/vss22 pchanges: {} result: true start_time: '14:43:58.885728' file_|-/mnt/shadow/vss23_|-/mnt/shadow/vss23_|-directory: __id__: /mnt/shadow/vss23 __run_num__: 484 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss23 is in the correct state Directory /mnt/shadow/vss23 updated' duration: 0.964 name: /mnt/shadow/vss23 pchanges: {} result: true start_time: '14:43:58.886868' file_|-/mnt/shadow/vss24_|-/mnt/shadow/vss24_|-directory: __id__: /mnt/shadow/vss24 __run_num__: 485 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss24 is in the correct state Directory /mnt/shadow/vss24 updated' duration: 1.014 name: /mnt/shadow/vss24 pchanges: {} result: true start_time: '14:43:58.887995' file_|-/mnt/shadow/vss25_|-/mnt/shadow/vss25_|-directory: __id__: /mnt/shadow/vss25 __run_num__: 486 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss25 is in the correct state Directory /mnt/shadow/vss25 updated' duration: 0.989 name: /mnt/shadow/vss25 pchanges: {} result: true start_time: '14:43:58.889175' file_|-/mnt/shadow/vss26_|-/mnt/shadow/vss26_|-directory: __id__: /mnt/shadow/vss26 __run_num__: 487 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss26 is in the correct state Directory /mnt/shadow/vss26 updated' duration: 0.974 name: /mnt/shadow/vss26 pchanges: {} result: true start_time: '14:43:58.890376' file_|-/mnt/shadow/vss27_|-/mnt/shadow/vss27_|-directory: __id__: /mnt/shadow/vss27 __run_num__: 488 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss27 is in the correct state Directory /mnt/shadow/vss27 updated' duration: 1.0 name: /mnt/shadow/vss27 pchanges: {} result: true start_time: '14:43:58.891516' file_|-/mnt/shadow/vss28_|-/mnt/shadow/vss28_|-directory: __id__: /mnt/shadow/vss28 __run_num__: 489 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss28 is in the correct state Directory /mnt/shadow/vss28 updated' duration: 0.98 name: /mnt/shadow/vss28 pchanges: {} result: true start_time: '14:43:58.892682' file_|-/mnt/shadow/vss29_|-/mnt/shadow/vss29_|-directory: __id__: /mnt/shadow/vss29 __run_num__: 490 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss29 is in the correct state Directory /mnt/shadow/vss29 updated' duration: 0.943 name: /mnt/shadow/vss29 pchanges: {} result: true start_time: '14:43:58.893826' file_|-/mnt/shadow/vss2_|-/mnt/shadow/vss2_|-directory: __id__: /mnt/shadow/vss2 __run_num__: 463 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss2 is in the correct state Directory /mnt/shadow/vss2 updated' duration: 1.708 name: /mnt/shadow/vss2 pchanges: {} result: true start_time: '14:43:58.854876' file_|-/mnt/shadow/vss30_|-/mnt/shadow/vss30_|-directory: __id__: /mnt/shadow/vss30 __run_num__: 491 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss30 is in the correct state Directory /mnt/shadow/vss30 updated' duration: 0.947 name: /mnt/shadow/vss30 pchanges: {} result: true start_time: '14:43:58.894921' file_|-/mnt/shadow/vss3_|-/mnt/shadow/vss3_|-directory: __id__: /mnt/shadow/vss3 __run_num__: 464 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss3 is in the correct state Directory /mnt/shadow/vss3 updated' duration: 1.726 name: /mnt/shadow/vss3 pchanges: {} result: true start_time: '14:43:58.856861' file_|-/mnt/shadow/vss4_|-/mnt/shadow/vss4_|-directory: __id__: /mnt/shadow/vss4 __run_num__: 465 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss4 is in the correct state Directory /mnt/shadow/vss4 updated' duration: 1.803 name: /mnt/shadow/vss4 pchanges: {} result: true start_time: '14:43:58.858898' file_|-/mnt/shadow/vss5_|-/mnt/shadow/vss5_|-directory: __id__: /mnt/shadow/vss5 __run_num__: 466 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss5 is in the correct state Directory /mnt/shadow/vss5 updated' duration: 1.711 name: /mnt/shadow/vss5 pchanges: {} result: true start_time: '14:43:58.861021' file_|-/mnt/shadow/vss6_|-/mnt/shadow/vss6_|-directory: __id__: /mnt/shadow/vss6 __run_num__: 467 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss6 is in the correct state Directory /mnt/shadow/vss6 updated' duration: 1.76 name: /mnt/shadow/vss6 pchanges: {} result: true start_time: '14:43:58.863009' file_|-/mnt/shadow/vss7_|-/mnt/shadow/vss7_|-directory: __id__: /mnt/shadow/vss7 __run_num__: 468 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss7 is in the correct state Directory /mnt/shadow/vss7 updated' duration: 2.018 name: /mnt/shadow/vss7 pchanges: {} result: true start_time: '14:43:58.865037' file_|-/mnt/shadow/vss8_|-/mnt/shadow/vss8_|-directory: __id__: /mnt/shadow/vss8 __run_num__: 469 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss8 is in the correct state Directory /mnt/shadow/vss8 updated' duration: 2.127 name: /mnt/shadow/vss8 pchanges: {} result: true start_time: '14:43:58.867421' file_|-/mnt/shadow/vss9_|-/mnt/shadow/vss9_|-directory: __id__: /mnt/shadow/vss9 __run_num__: 470 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss9 is in the correct state Directory /mnt/shadow/vss9 updated' duration: 1.236 name: /mnt/shadow/vss9 pchanges: {} result: true start_time: '14:43:58.869865' file_|-/mnt/shadow_|-/mnt/shadow_|-directory: __id__: /mnt/shadow __run_num__: 450 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow is in the correct state Directory /mnt/shadow updated' duration: 3.584 name: /mnt/shadow pchanges: {} result: true start_time: '14:43:58.814704' file_|-/mnt/usb_|-/mnt/usb_|-directory: __id__: /mnt/usb __run_num__: 448 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/usb is in the correct state Directory /mnt/usb updated' duration: 2.032 name: /mnt/usb pchanges: {} result: true start_time: '14:43:58.808223' file_|-/mnt/vss_|-/mnt/vss_|-directory: __id__: /mnt/vss __run_num__: 449 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/vss is in the correct state Directory /mnt/vss updated' duration: 3.469 name: /mnt/vss pchanges: {} result: true start_time: '14:43:58.810625' file_|-/mnt/windows_mount1_|-/mnt/windows_mount1_|-directory: __id__: /mnt/windows_mount1 __run_num__: 457 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/windows_mount1 is in the correct state Directory /mnt/windows_mount1 updated' duration: 1.721 name: /mnt/windows_mount1 pchanges: {} result: true start_time: '14:43:58.841949' file_|-/mnt/windows_mount2_|-/mnt/windows_mount2_|-directory: __id__: /mnt/windows_mount2 __run_num__: 458 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/windows_mount2 is in the correct state Directory /mnt/windows_mount2 updated' duration: 1.815 name: /mnt/windows_mount2 pchanges: {} result: true start_time: '14:43:58.843960' file_|-/mnt/windows_mount3_|-/mnt/windows_mount3_|-directory: __id__: /mnt/windows_mount3 __run_num__: 459 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/windows_mount3 is in the correct state Directory /mnt/windows_mount3 updated' duration: 1.699 name: /mnt/windows_mount3 pchanges: {} result: true start_time: '14:43:58.846079' file_|-/mnt/windows_mount4_|-/mnt/windows_mount4_|-directory: __id__: /mnt/windows_mount4 __run_num__: 460 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/windows_mount4 is in the correct state Directory /mnt/windows_mount4 updated' duration: 1.804 name: /mnt/windows_mount4 pchanges: {} result: true start_time: '14:43:58.848059' file_|-/mnt/windows_mount5_|-/mnt/windows_mount5_|-directory: __id__: /mnt/windows_mount5 __run_num__: 461 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/windows_mount5 is in the correct state Directory /mnt/windows_mount5 updated' duration: 2.078 name: /mnt/windows_mount5 pchanges: {} result: true start_time: '14:43:58.850382' file_|-/mnt/windows_mount_|-/mnt/windows_mount_|-directory: __id__: /mnt/windows_mount __run_num__: 451 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/windows_mount is in the correct state Directory /mnt/windows_mount updated' duration: 3.458 name: /mnt/windows_mount pchanges: {} result: true start_time: '14:43:58.818956' file_|-bash-aliases-user-root_|-/root/.bash_aliases_|-append: __id__: bash-aliases-user-root __run_num__: 430 __sls__: sift.config.user.bash-aliases changes: {} comment: File /root/.bash_aliases is in correct state duration: 1.032 name: /root/.bash_aliases pchanges: {} result: true start_time: '14:43:58.276045' file_|-bash-aliases-user-sansforensics_|-/home/sansforensics/.bash_aliases_|-append: __id__: bash-aliases-user-sansforensics __run_num__: 429 __sls__: sift.config.user.bash-aliases changes: {} comment: File /home/sansforensics/.bash_aliases is in correct state duration: 1.774 name: /home/sansforensics/.bash_aliases pchanges: {} result: true start_time: '14:43:58.272028' file_|-config-folder-cases_|-/cases_|-directory: __id__: config-folder-cases __run_num__: 447 __sls__: sift.config.folders changes: {} comment: 'Directory /cases is in the correct state Directory /cases updated' duration: 2.726 name: /cases pchanges: {} result: true start_time: '14:43:58.805037' file_|-folders-config-autostart_|-/home/sansforensics/.config/autostart_|-directory: __id__: folders-config-autostart __run_num__: 434 __sls__: sift.config.user.folders changes: {} comment: 'Directory /home/sansforensics/.config/autostart is in the correct state Directory /home/sansforensics/.config/autostart updated' duration: 1.028 name: /home/sansforensics/.config/autostart pchanges: {} result: true start_time: '14:43:58.291105' file_|-hostname-managed_|-/etc/hostname_|-managed: __id__: hostname-managed __run_num__: 425 __sls__: sift.config.hostname changes: {} comment: File /etc/hostname is in the correct state duration: 7.959 name: /etc/hostname pchanges: {} result: true start_time: '14:43:58.160629' file_|-pdfs-resource-copy_|-/home/sansforensics/Desktop_|-recurse: __id__: pdfs-resource-copy __run_num__: 435 __sls__: sift.config.user.pdfs changes: {} comment: The directory /home/sansforensics/Desktop is in the correct state duration: 254.647 name: /home/sansforensics/Desktop pchanges: {} result: true start_time: '14:43:58.294207' ? file_|-python-volatility-plugins-apihooksdeep.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/apihooksdeep.py_|-absent : __id__: python-volatility-plugins-apihooksdeep.py-absent __run_num__: 196 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/apihooksdeep.py is not present duration: 0.599 name: /usr/lib/python2.7/dist-packages/volatility/plugins/apihooksdeep.py pchanges: {} result: true start_time: '14:42:16.078081' file_|-python-volatility-plugins-autoruns.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/autoruns.py_|-absent: __id__: python-volatility-plugins-autoruns.py-absent __run_num__: 188 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/autoruns.py is not present duration: 0.554 name: /usr/lib/python2.7/dist-packages/volatility/plugins/autoruns.py pchanges: {} result: true start_time: '14:42:16.031062' file_|-python-volatility-plugins-baseline.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/baseline.py_|-absent: __id__: python-volatility-plugins-baseline.py-absent __run_num__: 191 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/baseline.py is not present duration: 0.465 name: /usr/lib/python2.7/dist-packages/volatility/plugins/baseline.py pchanges: {} result: true start_time: '14:42:16.048649' ? file_|-python-volatility-plugins-chromehistory.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/chromehistory.py_|-absent : __id__: python-volatility-plugins-chromehistory.py-absent __run_num__: 183 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/chromehistory.py is not present duration: 0.595 name: /usr/lib/python2.7/dist-packages/volatility/plugins/chromehistory.py pchanges: {} result: true start_time: '14:42:16.001768' file_|-python-volatility-plugins-editbox.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/editbox.py_|-absent: __id__: python-volatility-plugins-editbox.py-absent __run_num__: 197 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/editbox.py is not present duration: 0.785 name: /usr/lib/python2.7/dist-packages/volatility/plugins/editbox.py pchanges: {} result: true start_time: '14:42:16.084161' ? file_|-python-volatility-plugins-firefoxhistory.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/firefoxhistory.py_|-absent : __id__: python-volatility-plugins-firefoxhistory.py-absent __run_num__: 187 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/firefoxhistory.py is not present duration: 0.62 name: /usr/lib/python2.7/dist-packages/volatility/plugins/firefoxhistory.py pchanges: {} result: true start_time: '14:42:16.024818' file_|-python-volatility-plugins-idxparser.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/idxparser.py_|-absent: __id__: python-volatility-plugins-idxparser.py-absent __run_num__: 182 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/idxparser.py is not present duration: 0.488 name: /usr/lib/python2.7/dist-packages/volatility/plugins/idxparser.py pchanges: {} result: true start_time: '14:42:15.995806' file_|-python-volatility-plugins-javarat.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/javarat.py_|-absent: __id__: python-volatility-plugins-javarat.py-absent __run_num__: 198 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/javarat.py is not present duration: 0.463 name: /usr/lib/python2.7/dist-packages/volatility/plugins/javarat.py pchanges: {} result: true start_time: '14:42:16.090087' ? file_|-python-volatility-plugins-malfinddeep.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/malfinddeep.py_|-absent : __id__: python-volatility-plugins-malfinddeep.py-absent __run_num__: 189 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/malfinddeep.py is not present duration: 0.713 name: /usr/lib/python2.7/dist-packages/volatility/plugins/malfinddeep.py pchanges: {} result: true start_time: '14:42:16.037368' ? file_|-python-volatility-plugins-malprocfind.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/malprocfind.py_|-absent : __id__: python-volatility-plugins-malprocfind.py-absent __run_num__: 181 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/malprocfind.py is not present duration: 0.513 name: /usr/lib/python2.7/dist-packages/volatility/plugins/malprocfind.py pchanges: {} result: true start_time: '14:42:15.990617' file_|-python-volatility-plugins-mimikatz.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/mimikatz.py_|-absent: __id__: python-volatility-plugins-mimikatz.py-absent __run_num__: 184 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/mimikatz.py is not present duration: 0.522 name: /usr/lib/python2.7/dist-packages/volatility/plugins/mimikatz.py pchanges: {} result: true start_time: '14:42:16.007637' ? file_|-python-volatility-plugins-openioc_scan.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/openioc_scan.py_|-absent : __id__: python-volatility-plugins-openioc_scan.py-absent __run_num__: 185 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/openioc_scan.py is not present duration: 0.48 name: /usr/lib/python2.7/dist-packages/volatility/plugins/openioc_scan.py pchanges: {} result: true start_time: '14:42:16.012981' file_|-python-volatility-plugins-prefetch.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/prefetch.py_|-absent: __id__: python-volatility-plugins-prefetch.py-absent __run_num__: 190 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/prefetch.py is not present duration: 0.466 name: /usr/lib/python2.7/dist-packages/volatility/plugins/prefetch.py pchanges: {} result: true start_time: '14:42:16.043315' file_|-python-volatility-plugins-pstotal.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/pstotal.py_|-absent: __id__: python-volatility-plugins-pstotal.py-absent __run_num__: 186 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/pstotal.py is not present duration: 0.63 name: /usr/lib/python2.7/dist-packages/volatility/plugins/pstotal.py pchanges: {} result: true start_time: '14:42:16.019039' ? file_|-python-volatility-plugins-ssdeepscan.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/ssdeepscan.py_|-absent : __id__: python-volatility-plugins-ssdeepscan.py-absent __run_num__: 192 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/ssdeepscan.py is not present duration: 0.475 name: /usr/lib/python2.7/dist-packages/volatility/plugins/ssdeepscan.py pchanges: {} result: true start_time: '14:42:16.053919' ? file_|-python-volatility-plugins-trustrecords.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/trustrecords.py_|-absent : __id__: python-volatility-plugins-trustrecords.py-absent __run_num__: 194 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/trustrecords.py is not present duration: 0.856 name: /usr/lib/python2.7/dist-packages/volatility/plugins/trustrecords.py pchanges: {} result: true start_time: '14:42:16.064900' ? file_|-python-volatility-plugins-uninstallinfo.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/uninstallinfo.py_|-absent : __id__: python-volatility-plugins-uninstallinfo.py-absent __run_num__: 193 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/uninstallinfo.py is not present duration: 0.481 name: /usr/lib/python2.7/dist-packages/volatility/plugins/uninstallinfo.py pchanges: {} result: true start_time: '14:42:16.059102' file_|-python-volatility-plugins-usnparser.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/usnparser.py_|-absent: __id__: python-volatility-plugins-usnparser.py-absent __run_num__: 195 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/usnparser.py is not present duration: 0.777 name: /usr/lib/python2.7/dist-packages/volatility/plugins/usnparser.py pchanges: {} result: true start_time: '14:42:16.071535' file_|-python-volatility-sift-plugins_|-/usr/lib/python2.7/dist-packages/volatility/plugins/sift/_|-recurse: __id__: python-volatility-sift-plugins __run_num__: 180 __sls__: sift.packages.python-volatility changes: {} comment: The directory /usr/lib/python2.7/dist-packages/volatility/plugins/sift/ is in the correct state duration: 82.54 name: /usr/lib/python2.7/dist-packages/volatility/plugins/sift/ pchanges: {} result: true start_time: '14:42:15.903023' file_|-rc-noclobber_|-/home/sansforensics/.bashrc_|-append: __id__: rc-noclobber __run_num__: 431 __sls__: sift.config.user.bash-rc changes: {} comment: File /home/sansforensics/.bashrc is in correct state duration: 1.492 name: /home/sansforensics/.bashrc pchanges: {} result: true start_time: '14:43:58.279149' file_|-rc-root-noclobber_|-/root/.bashrc_|-append: __id__: rc-root-noclobber __run_num__: 433 __sls__: sift.config.user.bash-rc changes: {} comment: File /root/.bashrc is in correct state duration: 1.273 name: /root/.bashrc pchanges: {} result: true start_time: '14:43:58.287801' file_|-rekall-path_|-/home/sansforensics/.bashrc_|-append: __id__: rekall-path __run_num__: 432 __sls__: sift.config.user.bash-rc changes: {} comment: File /home/sansforensics/.bashrc is in correct state duration: 1.921 name: /home/sansforensics/.bashrc pchanges: {} result: true start_time: '14:43:58.282819' file_|-scripts-java-idx-parser_|-/usr/local/bin/idx_parser.py_|-managed: __id__: scripts-java-idx-parser __run_num__: 319 __sls__: sift.scripts.java-idx-parser changes: {} comment: File /usr/local/bin/idx_parser.py is in the correct state duration: 256.548 name: /usr/local/bin/idx_parser.py pchanges: {} result: true start_time: '14:43:41.425281' file_|-scripts-page-brute_|-/usr/local/bin_|-recurse: __id__: scripts-page-brute __run_num__: 380 __sls__: sift.scripts.page-brute changes: {} comment: The directory /usr/local/bin is in the correct state duration: 73.944 name: /usr/local/bin pchanges: {} result: true start_time: '14:43:46.114893' file_|-scripts-pdf-tools_|-/usr/local/bin_|-recurse: __id__: scripts-pdf-tools __run_num__: 382 __sls__: sift.scripts.pdf-tools changes: {} comment: The directory /usr/local/bin is in the correct state duration: 90.025 name: /usr/local/bin pchanges: {} result: true start_time: '14:43:46.437395' file_|-scripts-sift-resources-audio_|-/usr/share/sift/audio_|-directory: __id__: scripts-sift-resources-audio __run_num__: 409 __sls__: sift.scripts.sift changes: {} comment: 'Directory /usr/share/sift/audio is in the correct state Directory /usr/share/sift/audio updated' duration: 0.818 name: /usr/share/sift/audio pchanges: {} result: true start_time: '14:43:52.808772' file_|-scripts-sift-resources-images_|-/usr/share/sift/images_|-directory: __id__: scripts-sift-resources-images __run_num__: 408 __sls__: sift.scripts.sift changes: {} comment: 'Directory /usr/share/sift/images is in the correct state Directory /usr/share/sift/images updated' duration: 0.832 name: /usr/share/sift/images pchanges: {} result: true start_time: '14:43:52.807797' file_|-scripts-sift-resources-other_|-/usr/share/sift/other_|-directory: __id__: scripts-sift-resources-other __run_num__: 410 __sls__: sift.scripts.sift changes: {} comment: 'Directory /usr/share/sift/other is in the correct state Directory /usr/share/sift/other updated' duration: 0.806 name: /usr/share/sift/other pchanges: {} result: true start_time: '14:43:52.809722' file_|-scripts-sift-resources-resources_|-/usr/share/sift/resources_|-directory: __id__: scripts-sift-resources-resources __run_num__: 407 __sls__: sift.scripts.sift changes: {} comment: 'Directory /usr/share/sift/resources is in the correct state Directory /usr/share/sift/resources updated' duration: 0.867 name: /usr/share/sift/resources pchanges: {} result: true start_time: '14:43:52.806786' file_|-scripts-sift-resources-scripts_|-/usr/share/sift/scripts_|-directory: __id__: scripts-sift-resources-scripts __run_num__: 411 __sls__: sift.scripts.sift changes: {} comment: 'Directory /usr/share/sift/scripts is in the correct state Directory /usr/share/sift/scripts updated' duration: 0.87 name: /usr/share/sift/scripts pchanges: {} result: true start_time: '14:43:52.810660' file_|-scripts-sorter-directory_|-/usr/share/tsk/sorter_|-directory: __id__: scripts-sorter-directory __run_num__: 413 __sls__: sift.scripts.sorter changes: {} comment: 'Directory /usr/share/tsk/sorter is in the correct state Directory /usr/share/tsk/sorter updated' duration: 0.689 name: /usr/share/tsk/sorter pchanges: {} result: true start_time: '14:43:53.075917' file_|-scripts-sorter-files_|-/usr/share/tsk/sorter_|-recurse: __id__: scripts-sorter-files __run_num__: 414 __sls__: sift.scripts.sorter changes: {} comment: The directory /usr/share/tsk/sorter is in the correct state duration: 24.747 name: /usr/share/tsk/sorter pchanges: {} result: true start_time: '14:43:53.079270' file_|-sift-powershell-source_|-/var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb_|-managed: __id__: sift-powershell-source __run_num__: 145 __sls__: sift.packages.powershell changes: {} comment: File /var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb is in the correct state duration: 25151.438 name: /var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb pchanges: {} result: true start_time: '14:41:15.522604' file_|-sift-resources_|-/usr/share/sift_|-recurse: __id__: sift-resources __run_num__: 412 __sls__: sift.scripts.sift changes: {} comment: The directory /usr/share/sift is in the correct state duration: 254.916 name: /usr/share/sift pchanges: {} result: true start_time: '14:43:52.820825' file_|-sift-samba-global-config_|-/etc/samba/smb.conf_|-managed: __id__: sift-samba-global-config __run_num__: 493 __sls__: sift.config.samba changes: {} comment: File /etc/samba/smb.conf is in the correct state duration: 12.35 name: /etc/samba/smb.conf pchanges: {} result: true start_time: '14:43:59.259979' file_|-sift-scripts-4n6-WP8_AppPerms.py_|-/usr/local/bin/WP8_AppPerms.py_|-copy: __id__: sift-scripts-4n6-WP8_AppPerms.py __run_num__: 276 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/WP8_AppPerms.py" exists and will not be overwritten duration: 2.28 name: /usr/local/bin/WP8_AppPerms.py result: true start_time: '14:43:39.288358' file_|-sift-scripts-4n6-bing-bar-parser.pl_|-/usr/local/bin/bing-bar-parser.pl_|-copy: __id__: sift-scripts-4n6-bing-bar-parser.pl __run_num__: 277 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/bing-bar-parser.pl" exists and will not be overwritten duration: 1.426 name: /usr/local/bin/bing-bar-parser.pl result: true start_time: '14:43:39.297348' file_|-sift-scripts-4n6-chunkymonkey.py_|-/usr/local/bin/chunkymonkey.py_|-copy: __id__: sift-scripts-4n6-chunkymonkey.py __run_num__: 278 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/chunkymonkey.py" exists and will not be overwritten duration: 1.343 name: /usr/local/bin/chunkymonkey.py result: true start_time: '14:43:39.306101' file_|-sift-scripts-4n6-dextract.def_|-/usr/local/bin/dextract.def_|-copy: __id__: sift-scripts-4n6-dextract.def __run_num__: 279 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/dextract.def" exists and will not be overwritten duration: 1.536 name: /usr/local/bin/dextract.def result: true start_time: '14:43:39.312687' file_|-sift-scripts-4n6-dextract.py_|-/usr/local/bin/dextract.py_|-copy: __id__: sift-scripts-4n6-dextract.py __run_num__: 280 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/dextract.py" exists and will not be overwritten duration: 2.048 name: /usr/local/bin/dextract.py result: true start_time: '14:43:39.319680' file_|-sift-scripts-4n6-docx-font-extractor.pl_|-/usr/local/bin/docx-font-extractor.pl_|-copy: __id__: sift-scripts-4n6-docx-font-extractor.pl __run_num__: 281 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/docx-font-extractor.pl" exists and will not be overwritten duration: 1.377 name: /usr/local/bin/docx-font-extractor.pl result: true start_time: '14:43:39.327346' file_|-sift-scripts-4n6-exif2map.pl_|-/usr/local/bin/exif2map.pl_|-copy: __id__: sift-scripts-4n6-exif2map.pl __run_num__: 282 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/exif2map.pl" exists and will not be overwritten duration: 1.25 name: /usr/local/bin/exif2map.pl result: true start_time: '14:43:39.333908' file_|-sift-scripts-4n6-fbmsg-extractor.py_|-/usr/local/bin/fbmsg-extractor.py_|-copy: __id__: sift-scripts-4n6-fbmsg-extractor.py __run_num__: 283 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/fbmsg-extractor.py" exists and will not be overwritten duration: 1.203 name: /usr/local/bin/fbmsg-extractor.py result: true start_time: '14:43:39.340403' file_|-sift-scripts-4n6-gis4cookie.pl_|-/usr/local/bin/gis4cookie.pl_|-copy: __id__: sift-scripts-4n6-gis4cookie.pl __run_num__: 284 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/gis4cookie.pl" exists and will not be overwritten duration: 1.015 name: /usr/local/bin/gis4cookie.pl result: true start_time: '14:43:39.346293' file_|-sift-scripts-4n6-google-ei-time.py_|-/usr/local/bin/google-ei-time.py_|-copy: __id__: sift-scripts-4n6-google-ei-time.py __run_num__: 285 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/google-ei-time.py" exists and will not be overwritten duration: 1.362 name: /usr/local/bin/google-ei-time.py result: true start_time: '14:43:39.352029' file_|-sift-scripts-4n6-imgcache-parse-mod.py_|-/usr/local/bin/imgcache-parse-mod.py_|-copy: __id__: sift-scripts-4n6-imgcache-parse-mod.py __run_num__: 286 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/imgcache-parse-mod.py" exists and will not be overwritten duration: 1.232 name: /usr/local/bin/imgcache-parse-mod.py result: true start_time: '14:43:39.359586' file_|-sift-scripts-4n6-imgcache-parse.py_|-/usr/local/bin/imgcache-parse.py_|-copy: __id__: sift-scripts-4n6-imgcache-parse.py __run_num__: 287 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/imgcache-parse.py" exists and will not be overwritten duration: 1.47 name: /usr/local/bin/imgcache-parse.py result: true start_time: '14:43:39.366223' file_|-sift-scripts-4n6-json-printer.pl_|-/usr/local/bin/json-printer.pl_|-copy: __id__: sift-scripts-4n6-json-printer.pl __run_num__: 288 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/json-printer.pl" exists and will not be overwritten duration: 1.634 name: /usr/local/bin/json-printer.pl result: true start_time: '14:43:39.373196' file_|-sift-scripts-4n6-msoffice-pic-extractor.py_|-/usr/local/bin/msoffice-pic-extractor.py_|-copy: __id__: sift-scripts-4n6-msoffice-pic-extractor.py __run_num__: 289 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/msoffice-pic-extractor.py" exists and will not be overwritten duration: 1.229 name: /usr/local/bin/msoffice-pic-extractor.py result: true start_time: '14:43:39.380027' file_|-sift-scripts-4n6-plist2db.py_|-/usr/local/bin/plist2db.py_|-copy: __id__: sift-scripts-4n6-plist2db.py __run_num__: 290 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/plist2db.py" exists and will not be overwritten duration: 1.208 name: /usr/local/bin/plist2db.py result: true start_time: '14:43:39.386151' file_|-sift-scripts-4n6-print_apk_perms.py_|-/usr/local/bin/print_apk_perms.py_|-copy: __id__: sift-scripts-4n6-print_apk_perms.py __run_num__: 291 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/print_apk_perms.py" exists and will not be overwritten duration: 1.026 name: /usr/local/bin/print_apk_perms.py result: true start_time: '14:43:39.392566' file_|-sift-scripts-4n6-s2-cellid2latlong.py_|-/usr/local/bin/s2-cellid2latlong.py_|-copy: __id__: sift-scripts-4n6-s2-cellid2latlong.py __run_num__: 292 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/s2-cellid2latlong.py" exists and will not be overwritten duration: 1.685 name: /usr/local/bin/s2-cellid2latlong.py result: true start_time: '14:43:39.398633' file_|-sift-scripts-4n6-s2-latlong2cellid.py_|-/usr/local/bin/s2-latlong2cellid.py_|-copy: __id__: sift-scripts-4n6-s2-latlong2cellid.py __run_num__: 293 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/s2-latlong2cellid.py" exists and will not be overwritten duration: 1.55 name: /usr/local/bin/s2-latlong2cellid.py result: true start_time: '14:43:39.405785' file_|-sift-scripts-4n6-sms-grep-sample-config.txt_|-/usr/local/bin/sms-grep-sample-config.txt_|-copy: __id__: sift-scripts-4n6-sms-grep-sample-config.txt __run_num__: 294 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/sms-grep-sample-config.txt" exists and will not be overwritten duration: 1.24 name: /usr/local/bin/sms-grep-sample-config.txt result: true start_time: '14:43:39.413050' file_|-sift-scripts-4n6-sms-grep.pl_|-/usr/local/bin/sms-grep.pl_|-copy: __id__: sift-scripts-4n6-sms-grep.pl __run_num__: 295 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/sms-grep.pl" exists and will not be overwritten duration: 1.397 name: /usr/local/bin/sms-grep.pl result: true start_time: '14:43:39.419402' file_|-sift-scripts-4n6-sqlite-base64-decode.py_|-/usr/local/bin/sqlite-base64-decode.py_|-copy: __id__: sift-scripts-4n6-sqlite-base64-decode.py __run_num__: 296 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/sqlite-base64-decode.py" exists and will not be overwritten duration: 1.216 name: /usr/local/bin/sqlite-base64-decode.py result: true start_time: '14:43:39.425969' file_|-sift-scripts-4n6-sqlite-blob-dumper.py_|-/usr/local/bin/sqlite-blob-dumper.py_|-copy: __id__: sift-scripts-4n6-sqlite-blob-dumper.py __run_num__: 297 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/sqlite-blob-dumper.py" exists and will not be overwritten duration: 1.032 name: /usr/local/bin/sqlite-blob-dumper.py result: true start_time: '14:43:39.431970' file_|-sift-scripts-4n6-sqlite-parser.pl_|-/usr/local/bin/sqlite-parser.pl_|-copy: __id__: sift-scripts-4n6-sqlite-parser.pl __run_num__: 298 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/sqlite-parser.pl" exists and will not be overwritten duration: 1.24 name: /usr/local/bin/sqlite-parser.pl result: true start_time: '14:43:39.438069' file_|-sift-scripts-4n6-squirrelgripper-README.txt_|-/usr/local/bin/squirrelgripper-README.txt_|-copy: __id__: sift-scripts-4n6-squirrelgripper-README.txt __run_num__: 299 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/squirrelgripper-README.txt" exists and will not be overwritten duration: 1.32 name: /usr/local/bin/squirrelgripper-README.txt result: true start_time: '14:43:39.444978' file_|-sift-scripts-4n6-squirrelgripper.pl_|-/usr/local/bin/squirrelgripper.pl_|-copy: __id__: sift-scripts-4n6-squirrelgripper.pl __run_num__: 300 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/squirrelgripper.pl" exists and will not be overwritten duration: 1.445 name: /usr/local/bin/squirrelgripper.pl result: true start_time: '14:43:39.451868' file_|-sift-scripts-4n6-timediff32.pl_|-/usr/local/bin/timediff32.pl_|-copy: __id__: sift-scripts-4n6-timediff32.pl __run_num__: 301 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/timediff32.pl" exists and will not be overwritten duration: 1.227 name: /usr/local/bin/timediff32.pl result: true start_time: '14:43:39.458701' file_|-sift-scripts-4n6-vmail-db-2-html.pl_|-/usr/local/bin/vmail-db-2-html.pl_|-copy: __id__: sift-scripts-4n6-vmail-db-2-html.pl __run_num__: 302 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/vmail-db-2-html.pl" exists and will not be overwritten duration: 1.195 name: /usr/local/bin/vmail-db-2-html.pl result: true start_time: '14:43:39.465260' file_|-sift-scripts-4n6-wp8-1-callhistory.py_|-/usr/local/bin/wp8-1-callhistory.py_|-copy: __id__: sift-scripts-4n6-wp8-1-callhistory.py __run_num__: 303 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/wp8-1-callhistory.py" exists and will not be overwritten duration: 1.195 name: /usr/local/bin/wp8-1-callhistory.py result: true start_time: '14:43:39.471529' file_|-sift-scripts-4n6-wp8-1-contacts.py_|-/usr/local/bin/wp8-1-contacts.py_|-copy: __id__: sift-scripts-4n6-wp8-1-contacts.py __run_num__: 304 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/wp8-1-contacts.py" exists and will not be overwritten duration: 1.167 name: /usr/local/bin/wp8-1-contacts.py result: true start_time: '14:43:39.477539' file_|-sift-scripts-4n6-wp8-1-mms-filesort.py_|-/usr/local/bin/wp8-1-mms-filesort.py_|-copy: __id__: sift-scripts-4n6-wp8-1-mms-filesort.py __run_num__: 305 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/wp8-1-mms-filesort.py" exists and will not be overwritten duration: 1.156 name: /usr/local/bin/wp8-1-mms-filesort.py result: true start_time: '14:43:39.483459' file_|-sift-scripts-4n6-wp8-1-mms.py_|-/usr/local/bin/wp8-1-mms.py_|-copy: __id__: sift-scripts-4n6-wp8-1-mms.py __run_num__: 306 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/wp8-1-mms.py" exists and will not be overwritten duration: 1.224 name: /usr/local/bin/wp8-1-mms.py result: true start_time: '14:43:39.490258' file_|-sift-scripts-4n6-wp8-1-sms.py_|-/usr/local/bin/wp8-1-sms.py_|-copy: __id__: sift-scripts-4n6-wp8-1-sms.py __run_num__: 307 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/wp8-1-sms.py" exists and will not be overwritten duration: 1.396 name: /usr/local/bin/wp8-1-sms.py result: true start_time: '14:43:39.497251' file_|-sift-scripts-4n6-wp8-callhistory.py_|-/usr/local/bin/wp8-callhistory.py_|-copy: __id__: sift-scripts-4n6-wp8-callhistory.py __run_num__: 308 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/wp8-callhistory.py" exists and will not be overwritten duration: 1.291 name: /usr/local/bin/wp8-callhistory.py result: true start_time: '14:43:39.504034' file_|-sift-scripts-4n6-wp8-contacts.py_|-/usr/local/bin/wp8-contacts.py_|-copy: __id__: sift-scripts-4n6-wp8-contacts.py __run_num__: 309 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/wp8-contacts.py" exists and will not be overwritten duration: 1.254 name: /usr/local/bin/wp8-contacts.py result: true start_time: '14:43:39.510512' file_|-sift-scripts-4n6-wp8-fb-msg.py_|-/usr/local/bin/wp8-fb-msg.py_|-copy: __id__: sift-scripts-4n6-wp8-fb-msg.py __run_num__: 310 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/wp8-fb-msg.py" exists and will not be overwritten duration: 1.065 name: /usr/local/bin/wp8-fb-msg.py result: true start_time: '14:43:39.517603' file_|-sift-scripts-4n6-wp8-sha256-pin-finder.py_|-/usr/local/bin/wp8-sha256-pin-finder.py_|-copy: __id__: sift-scripts-4n6-wp8-sha256-pin-finder.py __run_num__: 311 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/wp8-sha256-pin-finder.py" exists and will not be overwritten duration: 1.159 name: /usr/local/bin/wp8-sha256-pin-finder.py result: true start_time: '14:43:39.523824' file_|-sift-scripts-4n6-wp8-sms.py_|-/usr/local/bin/wp8-sms.py_|-copy: __id__: sift-scripts-4n6-wp8-sms.py __run_num__: 312 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/wp8-sms.py" exists and will not be overwritten duration: 1.702 name: /usr/local/bin/wp8-sms.py result: true start_time: '14:43:39.529917' file_|-sift-scripts-4n6-wwf-chat-parser.py_|-/usr/local/bin/wwf-chat-parser.py_|-copy: __id__: sift-scripts-4n6-wwf-chat-parser.py __run_num__: 313 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/wwf-chat-parser.py" exists and will not be overwritten duration: 1.435 name: /usr/local/bin/wwf-chat-parser.py result: true start_time: '14:43:39.537068' file_|-sift-scripts-amcache-shebang_|-/usr/local/bin/amcache.py_|-replace: __id__: sift-scripts-amcache-shebang __run_num__: 315 __sls__: sift.scripts.amcache changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!/usr/bin/python\n+#!/usr/bin/env python\n # This file is part of python-registry.\n #\n # Copyright 2015 Will Ballenthin \n" comment: Changes were made duration: 4.227 name: /usr/local/bin/amcache.py pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!/usr/bin/python\n+#!/usr/bin/env python\n # This file is part of python-registry.\n #\n # Copyright 2015 Will Ballenthin \n" result: true start_time: '14:43:40.952381' file_|-sift-scripts-amcache_|-/usr/local/bin/amcache.py_|-managed: __id__: sift-scripts-amcache __run_num__: 314 __sls__: sift.scripts.amcache changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!/usr/bin/env python\n+#!/usr/bin/python\n # This file is part of python-registry.\n #\n # Copyright 2015 Will Ballenthin \n" comment: File /usr/local/bin/amcache.py updated duration: 685.248 name: /usr/local/bin/amcache.py pchanges: {} result: true start_time: '14:43:39.538714' file_|-sift-scripts-dump-mft-entry-shebang_|-/usr/local/bin/dump-mft-entry.pl_|-replace: __id__: sift-scripts-dump-mft-entry-shebang __run_num__: 317 __sls__: sift.scripts.dump-mft-entry changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!/usr/bin/perl\n+#!/usr/bin/env perl\n \n #------------------------------\n #dump_mft_entry.pl\n" comment: Changes were made duration: 7.738 name: /usr/local/bin/dump-mft-entry.pl pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!/usr/bin/perl\n+#!/usr/bin/env perl\n \n #------------------------------\n #dump_mft_entry.pl\n" result: true start_time: '14:43:41.189122' file_|-sift-scripts-dump-mft-entry_|-/usr/local/bin/dump-mft-entry.pl_|-managed: __id__: sift-scripts-dump-mft-entry __run_num__: 316 __sls__: sift.scripts.dump-mft-entry changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!/usr/bin/env perl\n+#!/usr/bin/perl\n \n #------------------------------\n #dump_mft_entry.pl\n" comment: File /usr/local/bin/dump-mft-entry.pl updated duration: 212.336 name: /usr/local/bin/dump-mft-entry.pl pchanges: {} result: true start_time: '14:43:40.956772' file_|-sift-scripts-image-mounter_|-/usr/local/bin/imageMounter.py_|-managed: __id__: sift-scripts-image-mounter __run_num__: 318 __sls__: sift.scripts.image-mounter changes: {} comment: File /usr/local/bin/imageMounter.py is in the correct state duration: 227.201 name: /usr/local/bin/imageMounter.py pchanges: {} result: true start_time: '14:43:41.197456' file_|-sift-scripts-jobparser_|-/usr/local/bin/jobparser.py_|-managed: __id__: sift-scripts-jobparser __run_num__: 320 __sls__: sift.scripts.jobparser changes: {} comment: File /usr/local/bin/jobparser.py is in the correct state duration: 288.346 name: /usr/local/bin/jobparser.py pchanges: {} result: true start_time: '14:43:41.682771' file_|-sift-scripts-keydet-tools-bodyfile.pl_|-/usr/local/bin/bodyfile.pl_|-copy: __id__: sift-scripts-keydet-tools-bodyfile.pl __run_num__: 322 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/bodyfile.pl" exists and will not be overwritten duration: 1.39 name: /usr/local/bin/bodyfile.pl result: true start_time: '14:43:44.606802' file_|-sift-scripts-keydet-tools-evtparse.pl_|-/usr/local/bin/evtparse.pl_|-copy: __id__: sift-scripts-keydet-tools-evtparse.pl __run_num__: 324 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/evtparse.pl" exists and will not be overwritten duration: 1.232 name: /usr/local/bin/evtparse.pl result: true start_time: '14:43:44.621231' file_|-sift-scripts-keydet-tools-evtrpt.pl_|-/usr/local/bin/evtrpt.pl_|-copy: __id__: sift-scripts-keydet-tools-evtrpt.pl __run_num__: 326 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/evtrpt.pl" exists and will not be overwritten duration: 1.53 name: /usr/local/bin/evtrpt.pl result: true start_time: '14:43:44.635699' file_|-sift-scripts-keydet-tools-evtxparse.pl_|-/usr/local/bin/evtxparse.pl_|-copy: __id__: sift-scripts-keydet-tools-evtxparse.pl __run_num__: 328 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/evtxparse.pl" exists and will not be overwritten duration: 1.244 name: /usr/local/bin/evtxparse.pl result: true start_time: '14:43:44.651826' file_|-sift-scripts-keydet-tools-fb.pl_|-/usr/local/bin/fb.pl_|-copy: __id__: sift-scripts-keydet-tools-fb.pl __run_num__: 330 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/fb.pl" exists and will not be overwritten duration: 1.266 name: /usr/local/bin/fb.pl result: true start_time: '14:43:44.666562' file_|-sift-scripts-keydet-tools-ff.pl_|-/usr/local/bin/ff.pl_|-copy: __id__: sift-scripts-keydet-tools-ff.pl __run_num__: 332 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/ff.pl" exists and will not be overwritten duration: 1.283 name: /usr/local/bin/ff.pl result: true start_time: '14:43:44.681860' file_|-sift-scripts-keydet-tools-ff_signons.pl_|-/usr/local/bin/ff_signons.pl_|-copy: __id__: sift-scripts-keydet-tools-ff_signons.pl __run_num__: 334 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/ff_signons.pl" exists and will not be overwritten duration: 1.283 name: /usr/local/bin/ff_signons.pl result: true start_time: '14:43:44.697073' file_|-sift-scripts-keydet-tools-ftkparse.pl_|-/usr/local/bin/ftkparse.pl_|-copy: __id__: sift-scripts-keydet-tools-ftkparse.pl __run_num__: 336 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/ftkparse.pl" exists and will not be overwritten duration: 1.336 name: /usr/local/bin/ftkparse.pl result: true start_time: '14:43:44.713011' file_|-sift-scripts-keydet-tools-idx.pl_|-/usr/local/bin/idx.pl_|-copy: __id__: sift-scripts-keydet-tools-idx.pl __run_num__: 338 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/idx.pl" exists and will not be overwritten duration: 1.203 name: /usr/local/bin/idx.pl result: true start_time: '14:43:44.803546' file_|-sift-scripts-keydet-tools-idxparse.pl_|-/usr/local/bin/idxparse.pl_|-copy: __id__: sift-scripts-keydet-tools-idxparse.pl __run_num__: 340 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/idxparse.pl" exists and will not be overwritten duration: 1.256 name: /usr/local/bin/idxparse.pl result: true start_time: '14:43:44.819284' file_|-sift-scripts-keydet-tools-jl.pl_|-/usr/local/bin/jl.pl_|-copy: __id__: sift-scripts-keydet-tools-jl.pl __run_num__: 342 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/jl.pl" exists and will not be overwritten duration: 1.213 name: /usr/local/bin/jl.pl result: true start_time: '14:43:44.835437' file_|-sift-scripts-keydet-tools-jobparse.pl_|-/usr/local/bin/jobparse.pl_|-copy: __id__: sift-scripts-keydet-tools-jobparse.pl __run_num__: 344 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/jobparse.pl" exists and will not be overwritten duration: 1.272 name: /usr/local/bin/jobparse.pl result: true start_time: '14:43:44.850902' file_|-sift-scripts-keydet-tools-lfle.pl_|-/usr/local/bin/lfle.pl_|-copy: __id__: sift-scripts-keydet-tools-lfle.pl __run_num__: 346 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/lfle.pl" exists and will not be overwritten duration: 1.212 name: /usr/local/bin/lfle.pl result: true start_time: '14:43:44.865702' file_|-sift-scripts-keydet-tools-lnk.pl_|-/usr/local/bin/lnk.pl_|-copy: __id__: sift-scripts-keydet-tools-lnk.pl __run_num__: 348 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/lnk.pl" exists and will not be overwritten duration: 1.36 name: /usr/local/bin/lnk.pl result: true start_time: '14:43:44.881074' file_|-sift-scripts-keydet-tools-mft.pl_|-/usr/local/bin/mft.pl_|-copy: __id__: sift-scripts-keydet-tools-mft.pl __run_num__: 350 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/mft.pl" exists and will not be overwritten duration: 1.309 name: /usr/local/bin/mft.pl result: true start_time: '14:43:44.896369' file_|-sift-scripts-keydet-tools-parse.pl_|-/usr/local/bin/parse.pl_|-copy: __id__: sift-scripts-keydet-tools-parse.pl __run_num__: 352 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/parse.pl" exists and will not be overwritten duration: 1.206 name: /usr/local/bin/parse.pl result: true start_time: '14:43:44.912026' file_|-sift-scripts-keydet-tools-parsei30.pl_|-/usr/local/bin/parsei30.pl_|-copy: __id__: sift-scripts-keydet-tools-parsei30.pl __run_num__: 354 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/parsei30.pl" exists and will not be overwritten duration: 1.684 name: /usr/local/bin/parsei30.pl result: true start_time: '14:43:44.927508' file_|-sift-scripts-keydet-tools-parseie.pl_|-/usr/local/bin/parseie.pl_|-copy: __id__: sift-scripts-keydet-tools-parseie.pl __run_num__: 356 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/parseie.pl" exists and will not be overwritten duration: 1.298 name: /usr/local/bin/parseie.pl result: true start_time: '14:43:44.943719' file_|-sift-scripts-keydet-tools-pie.pl_|-/usr/local/bin/pie.pl_|-copy: __id__: sift-scripts-keydet-tools-pie.pl __run_num__: 358 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/pie.pl" exists and will not be overwritten duration: 1.237 name: /usr/local/bin/pie.pl result: true start_time: '14:43:44.959313' file_|-sift-scripts-keydet-tools-pref.pl_|-/usr/local/bin/pref.pl_|-copy: __id__: sift-scripts-keydet-tools-pref.pl __run_num__: 360 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/pref.pl" exists and will not be overwritten duration: 1.452 name: /usr/local/bin/pref.pl result: true start_time: '14:43:44.974900' file_|-sift-scripts-keydet-tools-rawie.pl_|-/usr/local/bin/rawie.pl_|-copy: __id__: sift-scripts-keydet-tools-rawie.pl __run_num__: 362 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/rawie.pl" exists and will not be overwritten duration: 1.186 name: /usr/local/bin/rawie.pl result: true start_time: '14:43:44.990548' file_|-sift-scripts-keydet-tools-recbin.pl_|-/usr/local/bin/recbin.pl_|-copy: __id__: sift-scripts-keydet-tools-recbin.pl __run_num__: 364 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/recbin.pl" exists and will not be overwritten duration: 1.239 name: /usr/local/bin/recbin.pl result: true start_time: '14:43:45.005257' file_|-sift-scripts-keydet-tools-regslack.pl_|-/usr/local/bin/regslack.pl_|-copy: __id__: sift-scripts-keydet-tools-regslack.pl __run_num__: 366 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/regslack.pl" exists and will not be overwritten duration: 1.319 name: /usr/local/bin/regslack.pl result: true start_time: '14:43:45.022524' file_|-sift-scripts-keydet-tools-regtime.pl_|-/usr/local/bin/regtime.pl_|-copy: __id__: sift-scripts-keydet-tools-regtime.pl __run_num__: 368 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/regtime.pl" exists and will not be overwritten duration: 1.324 name: /usr/local/bin/regtime.pl result: true start_time: '14:43:45.038355' file_|-sift-scripts-keydet-tools-rfc.pl_|-/usr/local/bin/rfc.pl_|-copy: __id__: sift-scripts-keydet-tools-rfc.pl __run_num__: 370 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/rfc.pl" exists and will not be overwritten duration: 1.478 name: /usr/local/bin/rfc.pl result: true start_time: '14:43:45.052538' file_|-sift-scripts-keydet-tools-rlo.pl_|-/usr/local/bin/rlo.pl_|-copy: __id__: sift-scripts-keydet-tools-rlo.pl __run_num__: 372 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/rlo.pl" exists and will not be overwritten duration: 1.255 name: /usr/local/bin/rlo.pl result: true start_time: '14:43:45.068386' file_|-sift-scripts-keydet-tools-shebang-bodyfile.pl_|-/usr/local/bin/bodyfile.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-bodyfile.pl __run_num__: 323 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 2.619 name: /usr/local/bin/bodyfile.pl pchanges: {} result: true start_time: '14:43:44.613218' file_|-sift-scripts-keydet-tools-shebang-evtparse.pl_|-/usr/local/bin/evtparse.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-evtparse.pl __run_num__: 325 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 2.77 name: /usr/local/bin/evtparse.pl pchanges: {} result: true start_time: '14:43:44.627505' file_|-sift-scripts-keydet-tools-shebang-evtrpt.pl_|-/usr/local/bin/evtrpt.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-evtrpt.pl __run_num__: 327 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 3.543 name: /usr/local/bin/evtrpt.pl pchanges: {} result: true start_time: '14:43:44.642693' file_|-sift-scripts-keydet-tools-shebang-evtxparse.pl_|-/usr/local/bin/evtxparse.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-evtxparse.pl __run_num__: 329 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 2.781 name: /usr/local/bin/evtxparse.pl pchanges: {} result: true start_time: '14:43:44.658465' file_|-sift-scripts-keydet-tools-shebang-fb.pl_|-/usr/local/bin/fb.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-fb.pl __run_num__: 331 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 2.365 name: /usr/local/bin/fb.pl pchanges: {} result: true start_time: '14:43:44.673476' file_|-sift-scripts-keydet-tools-shebang-ff.pl_|-/usr/local/bin/ff.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-ff.pl __run_num__: 333 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 3.208 name: /usr/local/bin/ff.pl pchanges: {} result: true start_time: '14:43:44.688604' file_|-sift-scripts-keydet-tools-shebang-ff_signons.pl_|-/usr/local/bin/ff_signons.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-ff_signons.pl __run_num__: 335 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 2.433 name: /usr/local/bin/ff_signons.pl pchanges: {} result: true start_time: '14:43:44.705712' file_|-sift-scripts-keydet-tools-shebang-ftkparse.pl_|-/usr/local/bin/ftkparse.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-ftkparse.pl __run_num__: 337 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 2.298 name: /usr/local/bin/ftkparse.pl pchanges: {} result: true start_time: '14:43:44.795988' file_|-sift-scripts-keydet-tools-shebang-idx.pl_|-/usr/local/bin/idx.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-idx.pl __run_num__: 339 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 4.205 name: /usr/local/bin/idx.pl pchanges: {} result: true start_time: '14:43:44.809809' file_|-sift-scripts-keydet-tools-shebang-idxparse.pl_|-/usr/local/bin/idxparse.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-idxparse.pl __run_num__: 341 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 4.121 name: /usr/local/bin/idxparse.pl pchanges: {} result: true start_time: '14:43:44.825656' file_|-sift-scripts-keydet-tools-shebang-jl.pl_|-/usr/local/bin/jl.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-jl.pl __run_num__: 343 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 2.624 name: /usr/local/bin/jl.pl pchanges: {} result: true start_time: '14:43:44.842456' file_|-sift-scripts-keydet-tools-shebang-jobparse.pl_|-/usr/local/bin/jobparse.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-jobparse.pl __run_num__: 345 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 2.881 name: /usr/local/bin/jobparse.pl pchanges: {} result: true start_time: '14:43:44.857595' file_|-sift-scripts-keydet-tools-shebang-lfle.pl_|-/usr/local/bin/lfle.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-lfle.pl __run_num__: 347 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 3.249 name: /usr/local/bin/lfle.pl pchanges: {} result: true start_time: '14:43:44.872244' file_|-sift-scripts-keydet-tools-shebang-lnk.pl_|-/usr/local/bin/lnk.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-lnk.pl __run_num__: 349 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 2.579 name: /usr/local/bin/lnk.pl pchanges: {} result: true start_time: '14:43:44.888400' file_|-sift-scripts-keydet-tools-shebang-mft.pl_|-/usr/local/bin/mft.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-mft.pl __run_num__: 351 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 3.816 name: /usr/local/bin/mft.pl pchanges: {} result: true start_time: '14:43:44.903243' file_|-sift-scripts-keydet-tools-shebang-parse.pl_|-/usr/local/bin/parse.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-parse.pl __run_num__: 353 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 3.13 name: /usr/local/bin/parse.pl pchanges: {} result: true start_time: '14:43:44.918781' file_|-sift-scripts-keydet-tools-shebang-parsei30.pl_|-/usr/local/bin/parsei30.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-parsei30.pl __run_num__: 355 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 2.938 name: /usr/local/bin/parsei30.pl pchanges: {} result: true start_time: '14:43:44.935282' file_|-sift-scripts-keydet-tools-shebang-parseie.pl_|-/usr/local/bin/parseie.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-parseie.pl __run_num__: 357 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 3.063 name: /usr/local/bin/parseie.pl pchanges: {} result: true start_time: '14:43:44.951019' file_|-sift-scripts-keydet-tools-shebang-pie.pl_|-/usr/local/bin/pie.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-pie.pl __run_num__: 359 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 2.568 name: /usr/local/bin/pie.pl pchanges: {} result: true start_time: '14:43:44.966682' file_|-sift-scripts-keydet-tools-shebang-pref.pl_|-/usr/local/bin/pref.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-pref.pl __run_num__: 361 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 3.12 name: /usr/local/bin/pref.pl pchanges: {} result: true start_time: '14:43:44.982109' file_|-sift-scripts-keydet-tools-shebang-rawie.pl_|-/usr/local/bin/rawie.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-rawie.pl __run_num__: 363 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 3.146 name: /usr/local/bin/rawie.pl pchanges: {} result: true start_time: '14:43:44.996955' file_|-sift-scripts-keydet-tools-shebang-recbin.pl_|-/usr/local/bin/recbin.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-recbin.pl __run_num__: 365 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 3.094 name: /usr/local/bin/recbin.pl pchanges: {} result: true start_time: '14:43:45.012379' file_|-sift-scripts-keydet-tools-shebang-regslack.pl_|-/usr/local/bin/regslack.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-regslack.pl __run_num__: 367 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 3.66 name: /usr/local/bin/regslack.pl pchanges: {} result: true start_time: '14:43:45.029355' file_|-sift-scripts-keydet-tools-shebang-regtime.pl_|-/usr/local/bin/regtime.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-regtime.pl __run_num__: 369 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 2.387 name: /usr/local/bin/regtime.pl pchanges: {} result: true start_time: '14:43:45.044707' file_|-sift-scripts-keydet-tools-shebang-rfc.pl_|-/usr/local/bin/rfc.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-rfc.pl __run_num__: 371 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 2.728 name: /usr/local/bin/rfc.pl pchanges: {} result: true start_time: '14:43:45.059818' file_|-sift-scripts-keydet-tools-shebang-rlo.pl_|-/usr/local/bin/rlo.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-rlo.pl __run_num__: 373 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 2.836 name: /usr/local/bin/rlo.pl pchanges: {} result: true start_time: '14:43:45.075134' file_|-sift-scripts-keydet-tools-shebang-tln.pl_|-/usr/local/bin/tln.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-tln.pl __run_num__: 375 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 2.994 name: /usr/local/bin/tln.pl pchanges: {} result: true start_time: '14:43:45.089453' file_|-sift-scripts-keydet-tools-shebang-usnj.pl_|-/usr/local/bin/usnj.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-usnj.pl __run_num__: 377 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 3.893 name: /usr/local/bin/usnj.pl pchanges: {} result: true start_time: '14:43:45.105348' file_|-sift-scripts-keydet-tools-tln.pl_|-/usr/local/bin/tln.pl_|-copy: __id__: sift-scripts-keydet-tools-tln.pl __run_num__: 374 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/tln.pl" exists and will not be overwritten duration: 1.212 name: /usr/local/bin/tln.pl result: true start_time: '14:43:45.083207' file_|-sift-scripts-keydet-tools-usnj.pl_|-/usr/local/bin/usnj.pl_|-copy: __id__: sift-scripts-keydet-tools-usnj.pl __run_num__: 376 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/usnj.pl" exists and will not be overwritten duration: 1.487 name: /usr/local/bin/usnj.pl result: true start_time: '14:43:45.098097' file_|-sift-scripts-packerid-shebang_|-/usr/local/bin/packerid.py_|-replace: __id__: sift-scripts-packerid-shebang __run_num__: 379 __sls__: sift.scripts.packerid changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!/usr/local/bin/python\n+#!/usr/bin/env python\n #\n # Author: Jim Clausing\n # Date: 2009-05-15\n" comment: Changes were made duration: 3.396 name: /usr/local/bin/packerid.py pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!/usr/local/bin/python\n+#!/usr/bin/env python\n #\n # Author: Jim Clausing\n # Date: 2009-05-15\n" result: true start_time: '14:43:46.111335' file_|-sift-scripts-packerid_|-/usr/local/bin/packerid.py_|-managed: __id__: sift-scripts-packerid __run_num__: 378 __sls__: sift.scripts.packerid changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!/usr/bin/env python\n+#!/usr/local/bin/python\n #\n # Author: Jim Clausing\n # Date: 2009-05-15\n" comment: File /usr/local/bin/packerid.py updated duration: 292.146 name: /usr/local/bin/packerid.py pchanges: {} result: true start_time: '14:43:45.112473' file_|-sift-scripts-parseusn_|-/usr/local/bin/parseusn.py_|-managed: __id__: sift-scripts-parseusn __run_num__: 381 __sls__: sift.scripts.parseusn changes: {} comment: File /usr/local/bin/parseusn.py is in the correct state duration: 247.617 name: /usr/local/bin/parseusn.py pchanges: {} result: true start_time: '14:43:46.189019' file_|-sift-scripts-pecarve-shebang_|-/usr/local/bin/pecarve.py_|-prepend: __id__: sift-scripts-pecarve-shebang __run_num__: 384 __sls__: sift.scripts.pe-carver changes: diff: "--- \n+++ \n@@ -1,3 +1,4 @@\n+#!/usr/bin/env python\n # PE File Carver\n # by Brian Baskin (@bbaskin)\n # \n" comment: Prepended 1 lines duration: 2.968 name: /usr/local/bin/pecarve.py pchanges: {} result: true start_time: '14:43:47.523883' file_|-sift-scripts-pecarve_|-/usr/local/bin/pecarve.py_|-managed: __id__: sift-scripts-pecarve __run_num__: 383 __sls__: sift.scripts.pe-carver changes: diff: "--- \n+++ \n@@ -1,4 +1,3 @@\n-#!/usr/bin/env python\n # PE File Carver\n # by Brian Baskin (@bbaskin)\n # \n" comment: File /usr/local/bin/pecarve.py updated duration: 263.418 name: /usr/local/bin/pecarve.py pchanges: {} result: true start_time: '14:43:46.533129' file_|-sift-scripts-pescanner_|-/usr/local/bin/pescanner.py_|-managed: __id__: sift-scripts-pescanner __run_num__: 385 __sls__: sift.scripts.pescanner changes: {} comment: File /usr/local/bin/pescanner.py is in the correct state duration: 233.446 name: /usr/local/bin/pescanner.py pchanges: {} result: true start_time: '14:43:47.529338' file_|-sift-scripts-regripper-binary-symlink_|-/usr/local/bin/rip.pl_|-symlink: __id__: sift-scripts-regripper-binary-symlink __run_num__: 390 __sls__: sift.scripts.regripper changes: {} comment: Symlink /usr/local/bin/rip.pl is present and owned by root:root duration: 1.367 name: /usr/local/bin/rip.pl pchanges: {} result: true start_time: '14:43:50.425550' file_|-sift-scripts-regripper-binary_|-/usr/local/share/regripper/rip.pl_|-managed: __id__: sift-scripts-regripper-binary __run_num__: 388 __sls__: sift.scripts.regripper changes: {} comment: File /usr/local/share/regripper/rip.pl is in the correct state duration: 8.801 name: /usr/local/share/regripper/rip.pl pchanges: {} result: true start_time: '14:43:50.408093' file_|-sift-scripts-regripper-directory_|-/usr/local/share/regripper_|-directory: __id__: sift-scripts-regripper-directory __run_num__: 387 __sls__: sift.scripts.regripper changes: {} comment: 'Directory /usr/local/share/regripper is in the correct state Directory /usr/local/share/regripper updated' duration: 0.999 name: /usr/local/share/regripper pchanges: {} result: true start_time: '14:43:50.403168' file_|-sift-scripts-regripper-plugins-symlink_|-/usr/local/share/regripper/plugins_|-symlink: __id__: sift-scripts-regripper-plugins-symlink __run_num__: 389 __sls__: sift.scripts.regripper changes: {} comment: Symlink /usr/local/share/regripper/plugins is present and owned by root:root duration: 1.777 name: /usr/local/share/regripper/plugins pchanges: {} result: true start_time: '14:43:50.421384' file_|-sift-scripts-shim-cache-parser-shebang_|-/usr/local/bin/ShimCacheParser.py_|-prepend: __id__: sift-scripts-shim-cache-parser-shebang __run_num__: 406 __sls__: sift.scripts.shim-cache-parser changes: diff: "--- \n+++ \n@@ -1,3 +1,4 @@\n+#!/usr/bin/env python\n # ShimCacheParser.py\r\n #\r\n # Andrew Davis, andrew.davis@mandiant.com\r\n" comment: Prepended 1 lines duration: 4.485 name: /usr/local/bin/ShimCacheParser.py pchanges: {} result: true start_time: '14:43:52.802141' file_|-sift-scripts-shim-cache-parser_|-/usr/local/bin/ShimCacheParser.py_|-managed: __id__: sift-scripts-shim-cache-parser __run_num__: 405 __sls__: sift.scripts.shim-cache-parser changes: diff: "--- \n+++ \n@@ -1,4 +1,3 @@\n-#!/usr/bin/env python\n # ShimCacheParser.py\r\n #\r\n # Andrew Davis, andrew.davis@mandiant.com\r\n" comment: File /usr/local/bin/ShimCacheParser.py updated duration: 352.974 name: /usr/local/bin/ShimCacheParser.py pchanges: {} result: true start_time: '14:43:51.615430' file_|-sift-scripts-sqlparser-shebang_|-/usr/local/bin/sqlparser.py_|-prepend: __id__: sift-scripts-sqlparser-shebang __run_num__: 416 __sls__: sift.scripts.sqlparser changes: diff: "--- \n+++ \n@@ -1,3 +1,4 @@\n+#!/usr/bin/env python\n #sqlparse.py\n #\n #This program parses an SQLite3 database for deleted entires and\n" comment: Prepended 1 lines duration: 2.35 name: /usr/local/bin/sqlparser.py pchanges: {} result: true start_time: '14:43:55.019110' file_|-sift-scripts-sqlparser_|-/usr/local/bin/sqlparser.py_|-managed: __id__: sift-scripts-sqlparser __run_num__: 415 __sls__: sift.scripts.sqlparser changes: diff: "--- \n+++ \n@@ -1,4 +1,3 @@\n-#!/usr/bin/env python\n #sqlparse.py\n #\n #This program parses an SQLite3 database for deleted entires and\n" comment: File /usr/local/bin/sqlparser.py updated duration: 1197.02 name: /usr/local/bin/sqlparser.py pchanges: {} result: true start_time: '14:43:53.104218' file_|-sift-scripts-usbdeviceforensics-shebang_|-/usr/local/bin/usbdeviceforensics.py_|-replace: __id__: sift-scripts-usbdeviceforensics-shebang __run_num__: 418 __sls__: sift.scripts.usbdeviceforensics changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!/usr/bin/python\n+#!/usr/bin/env python\n \n # This file is part of usbdeviceforensics. usbdeviceforensics is a python console based port of woanware's\n # UsbDeviceForensics .Net WinForms GUI application.\n" comment: Changes were made duration: 5.567 name: /usr/local/bin/usbdeviceforensics.py pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!/usr/bin/python\n+#!/usr/bin/env python\n \n # This file is part of usbdeviceforensics. usbdeviceforensics is a python console based port of woanware's\n # UsbDeviceForensics .Net WinForms GUI application.\n" result: true start_time: '14:43:56.152964' file_|-sift-scripts-usbdeviceforensics_|-/usr/local/bin/usbdeviceforensics.py_|-managed: __id__: sift-scripts-usbdeviceforensics __run_num__: 417 __sls__: sift.scripts.usbdeviceforensics changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!/usr/bin/env python\n+#!/usr/bin/python\n \n # This file is part of usbdeviceforensics. usbdeviceforensics is a python console based port of woanware's\n # UsbDeviceForensics .Net WinForms GUI application.\n" comment: File /usr/local/bin/usbdeviceforensics.py updated duration: 418.452 name: /usr/local/bin/usbdeviceforensics.py pchanges: {} result: true start_time: '14:43:55.021644' file_|-sift-scripts-virustotal-search-script_|-/usr/local/bin/virustotal-search.py_|-managed: __id__: sift-scripts-virustotal-search-script __run_num__: 420 __sls__: sift.scripts.virustotal-tools changes: {} comment: File /usr/local/bin/virustotal-search.py is in the correct state duration: 4.563 name: /usr/local/bin/virustotal-search.py pchanges: {} result: true start_time: '14:43:57.084299' file_|-sift-scripts-virustotal-submit-script_|-/usr/local/bin/virustotal-submit.py_|-managed: __id__: sift-scripts-virustotal-submit-script __run_num__: 422 __sls__: sift.scripts.virustotal-tools changes: {} comment: File /usr/local/bin/virustotal-submit.py is in the correct state duration: 3.806 name: /usr/local/bin/virustotal-submit.py pchanges: {} result: true start_time: '14:43:57.846712' file_|-sift-scripts-vshot_|-/usr/local/bin/vshot_|-managed: __id__: sift-scripts-vshot __run_num__: 423 __sls__: sift.scripts.vshot changes: {} comment: File /usr/local/bin/vshot is in the correct state duration: 234.915 name: /usr/local/bin/vshot pchanges: {} result: true start_time: '14:43:57.860629' file_|-sift-tool-densityscout-binary_|-/usr/local/bin/densityscout-build-45_|-copy: __id__: sift-tool-densityscout-binary __run_num__: 271 __sls__: sift.tools.densityscout changes: {} comment: The target file "/usr/local/bin/densityscout-build-45" exists and will not be overwritten duration: 3.513 name: /usr/local/bin/densityscout-build-45 result: true start_time: '14:43:20.289979' file_|-sift-tool-densityscout-link_|-/usr/local/bin/densityscout_|-symlink: __id__: sift-tool-densityscout-link __run_num__: 272 __sls__: sift.tools.densityscout changes: {} comment: Symlink /usr/local/bin/densityscout is present and owned by root:root duration: 3.561 name: /usr/local/bin/densityscout pchanges: {} result: true start_time: '14:43:20.302824' file_|-sift-tool-sift-cli_|-/usr/local/bin/sift_|-managed: __id__: sift-tool-sift-cli __run_num__: 273 __sls__: sift.tools.sift-cli changes: {} comment: File /usr/local/bin/sift is in the correct state duration: 16540.175 name: /usr/local/bin/sift pchanges: {} result: true start_time: '14:43:20.307153' file_|-sift-version-file_|-/etc/sift-version_|-managed: __run_num__: 497 __sls__: sift.vm changes: {} comment: 'One or more requisite failed: sift.packages.sift-packages' result: false file_|-symlinks-cases_|-/home/sansforensics/Desktop/cases_|-symlink: __id__: symlinks-cases __run_num__: 438 __sls__: sift.config.user.symlinks changes: {} comment: Symlink /home/sansforensics/Desktop/cases is present and owned by sansforensics:sansforensics duration: 1.449 name: /home/sansforensics/Desktop/cases pchanges: {} result: true start_time: '14:43:58.562153' file_|-symlinks-mount-points_|-/home/sansforensics/Desktop/mount_points_|-symlink: __id__: symlinks-mount-points __run_num__: 437 __sls__: sift.config.user.symlinks changes: {} comment: Symlink /home/sansforensics/Desktop/mount_points is present and owned by sansforensics:sansforensics duration: 1.09 name: /home/sansforensics/Desktop/mount_points pchanges: {} result: true start_time: '14:43:58.556872' file_|-symlinks-user-desktop-directory_|-/home/sansforensics/Desktop_|-directory: __id__: symlinks-user-desktop-directory __run_num__: 436 __sls__: sift.config.user.symlinks changes: {} comment: 'Directory /home/sansforensics/Desktop is in the correct state Directory /home/sansforensics/Desktop updated' duration: 0.928 name: /home/sansforensics/Desktop pchanges: {} result: true start_time: '14:43:58.551424' file_|-theme-manage-autostart_|-/home/sansforensics/.config/autostart/_|-directory: __id__: theme-manage-autostart __run_num__: 443 __sls__: sift.config.user.theme changes: {} comment: 'Directory /home/sansforensics/.config/autostart is in the correct state Directory /home/sansforensics/.config/autostart updated' duration: 0.79 name: /home/sansforensics/.config/autostart/ pchanges: {} result: true start_time: '14:43:58.584613' file_|-theme-manage-gnome-terminal_|-/home/sansforensics/.config/autostart/gnome-terminal.desktop_|-managed: __id__: theme-manage-gnome-terminal __run_num__: 444 __sls__: sift.config.user.theme changes: {} comment: File /home/sansforensics/.config/autostart/gnome-terminal.desktop is in the correct state duration: 2.862 name: /home/sansforensics/.config/autostart/gnome-terminal.desktop pchanges: {} result: true start_time: '14:43:58.589871' file_|-theme-set-background-directory_|-/usr/share/backgrounds_|-directory: __id__: theme-set-background-directory __run_num__: 439 __sls__: sift.config.user.theme changes: {} comment: 'Directory /usr/share/backgrounds is in the correct state Directory /usr/share/backgrounds updated' duration: 0.914 name: /usr/share/backgrounds pchanges: {} result: true start_time: '14:43:58.563782' file_|-theme-set-background_|-/usr/share/backgrounds/warty-final-ubuntu.png_|-managed: __id__: theme-set-background __run_num__: 440 __sls__: sift.config.user.theme changes: {} comment: File /usr/share/backgrounds/warty-final-ubuntu.png is in the correct state duration: 3.687 name: /usr/share/backgrounds/warty-final-ubuntu.png pchanges: {} result: true start_time: '14:43:58.571692' file_|-theme-set-unity-logo-directory_|-/usr/share/unity-greeter_|-directory: __id__: theme-set-unity-logo-directory __run_num__: 441 __sls__: sift.config.user.theme changes: {} comment: 'Directory /usr/share/unity-greeter is in the correct state Directory /usr/share/unity-greeter updated' duration: 0.752 name: /usr/share/unity-greeter pchanges: {} result: true start_time: '14:43:58.575582' file_|-theme-set-unity-logo_|-/usr/share/unity-greeter/logo.png_|-managed: __id__: theme-set-unity-logo __run_num__: 442 __sls__: sift.config.user.theme changes: {} comment: File /usr/share/unity-greeter/logo.png is in the correct state duration: 3.411 name: /usr/share/unity-greeter/logo.png pchanges: {} result: true start_time: '14:43:58.581010' git_|-python-volatility-community-plugins_|-https://github.com/sans-dfir/volatility-plugins-community.git_|-latest: __id__: python-volatility-community-plugins __run_num__: 179 __sls__: sift.packages.python-volatility changes: forced update: true comment: 'fatal: Branch ''master'' has no upstream information Changes already made: Remote ''origin'' changed from https://github.com/volatilityfoundation/community.git to https://github.com/sans-dfir/volatility-plugins-community.git. Local changes were discarded. Repository was hard-reset to acc4319.' duration: 2857.813 name: https://github.com/sans-dfir/volatility-plugins-community.git result: false start_time: '14:42:12.882566' git_|-sift-scripts-4n6-git_|-https://github.com/cheeky4n6monkey/4n6-scripts.git_|-latest: __id__: sift-scripts-4n6-git __run_num__: 275 __sls__: sift.scripts.4n6 changes: {} comment: Repository /usr/local/src/4n6-scripts is up-to-date duration: 2425.151 name: https://github.com/cheeky4n6monkey/4n6-scripts.git result: true start_time: '14:43:36.855390' git_|-sift-scripts-keydet-tools-git_|-https://github.com/keydet89/Tools.git_|-latest: __id__: sift-scripts-keydet-tools-git __run_num__: 321 __sls__: sift.scripts.keydet-tools changes: {} comment: Repository /usr/local/src/keydet-tools is up-to-date duration: 2626.891 name: https://github.com/keydet89/Tools.git result: true start_time: '14:43:41.974044' git_|-sift-scripts-regripper-git_|-https://github.com/keydet89/RegRipper2.8.git_|-latest: __id__: sift-scripts-regripper-git __run_num__: 386 __sls__: sift.scripts.regripper changes: forced update: true comment: 'Repository /usr/local/src/regripper is up-to-date Changes made: Local changes were discarded. Repository was hard-reset to origin/master (c65c823).' duration: 2628.948 name: https://github.com/keydet89/RegRipper2.8.git result: true start_time: '14:43:47.771210' host_|-hostname-set-hosts_|-siftworkstation_|-present: __id__: hostname-set-hosts __run_num__: 427 __sls__: sift.config.hostname changes: {} comment: Host siftworkstation (127.0.0.1) already present duration: 0.843 name: siftworkstation result: true start_time: '14:43:58.266551' pip_|-analyzemft_|-analyzemft_|-installed: __id__: analyzemft __run_num__: 247 __sls__: sift.python-packages.analyzemft changes: {} comment: 'Python package analyzemft was already installed All packages were successfully installed' duration: 2028.004 name: analyzemft result: true start_time: '14:42:29.885959' pip_|-argparse_|-argparse_|-installed: __id__: argparse __run_num__: 248 __sls__: sift.python-packages.argparse changes: {} comment: There was no error installing package 'argparse' although it does not show when calling 'pip.freeze'. duration: 3195.135 name: argparse result: true start_time: '14:42:31.917349' pip_|-bitstring_|-bitstring_|-installed: __id__: bitstring __run_num__: 249 __sls__: sift.python-packages.bitstring changes: {} comment: 'Python package bitstring was already installed All packages were successfully installed' duration: 1887.239 name: bitstring result: true start_time: '14:42:35.117778' pip_|-colorama_|-colorama_|-installed: __id__: colorama __run_num__: 166 __sls__: sift.python-packages.colorama changes: {} comment: 'Python package colorama was already installed All packages were successfully installed' duration: 1934.18 name: colorama result: true start_time: '14:41:41.667522' pip_|-construct_|-construct_|-installed: __id__: construct __run_num__: 167 __sls__: sift.python-packages.construct changes: {} comment: 'Python package construct was already installed All packages were successfully installed' duration: 1947.162 name: construct result: true start_time: '14:41:43.605799' pip_|-distorm3_|-distorm3_|-installed: __id__: distorm3 __run_num__: 169 __sls__: sift.python-packages.distorm3 changes: {} comment: 'Python package distorm3 was already installed All packages were successfully installed' duration: 1935.536 name: distorm3 result: true start_time: '14:41:49.039284' pip_|-docopt_|-docopt_|-installed: __id__: docopt __run_num__: 250 __sls__: sift.python-packages.docopt changes: {} comment: 'Python package docopt was already installed All packages were successfully installed' duration: 1962.42 name: docopt result: true start_time: '14:42:37.005516' pip_|-dpapick_|-dpapick_|-installed: __id__: dpapick __run_num__: 168 __sls__: sift.python-packages.dpapick changes: {} comment: All packages were successfully installed duration: 3474.601 name: dpapick result: true start_time: '14:41:45.561409' pip_|-haystack_|-haystack_|-installed: __id__: haystack __run_num__: 170 __sls__: sift.python-packages.haystack changes: {} comment: All packages were successfully installed duration: 3573.047 name: haystack result: true start_time: '14:41:50.977456' pip_|-ioc_writer_|-ioc_writer_|-installed: __id__: ioc_writer __run_num__: 172 __sls__: sift.python-packages.ioc_writer changes: {} comment: 'Python package ioc_writer was already installed All packages were successfully installed' duration: 1965.122 name: ioc_writer result: true start_time: '14:41:56.555925' pip_|-lxml_|-lxml_|-installed: __id__: lxml __run_num__: 171 __sls__: sift.python-packages.lxml changes: {} comment: 'Python package lxml was already installed All packages were successfully installed' duration: 1990.224 name: lxml result: true start_time: '14:41:54.556984' pip_|-pefile_|-pefile_|-installed: __id__: pefile __run_num__: 173 __sls__: sift.python-packages.pefile changes: {} comment: 'Python package pefile was already installed All packages were successfully installed' duration: 1960.143 name: pefile result: true start_time: '14:41:58.527441' pip_|-pip_|-pip_|-installed: __id__: pip __run_num__: 252 __sls__: sift.python-packages.pip changes: {} comment: All packages were successfully installed duration: 4226.635 name: pip result: true start_time: '14:42:40.951393' pip_|-pycoin_|-pycoin_|-installed: __id__: pycoin __run_num__: 174 __sls__: sift.python-packages.pycoin changes: {} comment: All packages were successfully installed duration: 3549.741 name: pycoin result: true start_time: '14:42:00.490418' pip_|-pysocks_|-pysocks_|-installed: __id__: pysocks __run_num__: 175 __sls__: sift.python-packages.pysocks changes: {} comment: 'Python package pysocks was already installed All packages were successfully installed' duration: 1903.409 name: pysocks result: true start_time: '14:42:04.045417' pip_|-python-dateutil_|-python-dateutil >= 2.4.2_|-installed: __id__: python-dateutil __run_num__: 253 __sls__: sift.python-packages.python-dateutil changes: {} comment: 'Python package python-dateutil >= 2.4.2 was already installed All packages were successfully installed' duration: 2520.019 name: python-dateutil >= 2.4.2 result: true start_time: '14:42:45.181240' pip_|-python-evtx_|-python-evtx_|-installed: __id__: python-evtx __run_num__: 254 __sls__: sift.python-packages.python-evtx changes: {} comment: 'Python package python-evtx was already installed All packages were successfully installed' duration: 1851.535 name: python-evtx result: true start_time: '14:42:47.706583' pip_|-python-magic_|-python-magic_|-installed: __id__: python-magic __run_num__: 255 __sls__: sift.python-packages.python-magic changes: {} comment: 'Python package python-magic was already installed All packages were successfully installed' duration: 1949.37 name: python-magic result: true start_time: '14:42:49.561922' pip_|-python-registry_|-python-registry_|-installed: __id__: python-registry __run_num__: 256 __sls__: sift.python-packages.python-registry changes: {} comment: 'Python package python-registry was already installed All packages were successfully installed' duration: 1872.013 name: python-registry result: true start_time: '14:42:51.514006' pip_|-rekall_|-rekall_|-installed: __id__: rekall __run_num__: 260 __sls__: sift.python-packages.rekall changes: {} comment: 'Python package rekall was already installed All packages were successfully installed' duration: 1426.042 name: rekall result: true start_time: '14:43:02.825698' pip_|-setuptools_|-setuptools_|-installed: __id__: setuptools __run_num__: 257 __sls__: sift.python-packages.setuptools changes: {} comment: All packages were successfully installed duration: 3649.194 name: setuptools result: true start_time: '14:42:53.396006' pip_|-sift-pip-geoip2_|-geoip2_|-installed: __id__: sift-pip-geoip2 __run_num__: 251 __sls__: sift.python-packages.geoip2 changes: {} comment: 'Python package geoip2 was already installed All packages were successfully installed' duration: 1976.396 name: geoip2 result: true start_time: '14:42:38.972210' pip_|-sift-pip-virustotal-api_|-virustotal-api_|-installed: __id__: sift-pip-virustotal-api __run_num__: 267 __sls__: sift.python-packages.virustotal-api changes: {} comment: 'Python package virustotal-api was already installed All packages were successfully installed' duration: 1974.977 name: virustotal-api result: true start_time: '14:43:15.889990' pip_|-simplejson_|-simplejson_|-installed: __id__: simplejson __run_num__: 176 __sls__: sift.python-packages.simplejson changes: {} comment: All packages were successfully installed duration: 3504.286 name: simplejson result: true start_time: '14:42:05.951709' pip_|-six_|-six_|-installed: __id__: six __run_num__: 261 __sls__: sift.python-packages.six changes: {} comment: 'Python package six was already installed All packages were successfully installed' duration: 2005.676 name: six result: true start_time: '14:43:04.254498' pip_|-stix-validator_|-stix-validator_|-installed: __id__: stix-validator __run_num__: 263 __sls__: sift.python-packages.stix-validator changes: {} comment: 'Python package stix-validator was already installed All packages were successfully installed' duration: 1932.412 name: stix-validator result: true start_time: '14:43:08.243808' pip_|-stix_|-stix_|-installed: __id__: stix __run_num__: 262 __sls__: sift.python-packages.stix changes: {} comment: 'Python package stix was already installed All packages were successfully installed' duration: 1969.669 name: stix result: true start_time: '14:43:06.267550' pip_|-timesketch_|-timesketch_|-installed: __id__: timesketch __run_num__: 264 __sls__: sift.python-packages.timesketch changes: {} comment: 'Python package timesketch was already installed All packages were successfully installed' duration: 1891.707 name: timesketch result: true start_time: '14:43:10.185866' pip_|-unicodecsv_|-unicodecsv_|-installed: __id__: unicodecsv __run_num__: 265 __sls__: sift.python-packages.unicodecsv changes: {} comment: 'Python package unicodecsv was already installed All packages were successfully installed' duration: 1856.638 name: unicodecsv result: true start_time: '14:43:12.083028' pip_|-usnparser_|-usnparser_|-installed: __id__: usnparser __run_num__: 266 __sls__: sift.python-packages.usnparser changes: {} comment: 'Python package usnparser was already installed All packages were successfully installed' duration: 1944.075 name: usnparser result: true start_time: '14:43:13.944000' pip_|-wheel_|-wheel_|-installed: __id__: wheel __run_num__: 258 __sls__: sift.python-packages.wheel changes: {} comment: All packages were successfully installed duration: 3246.5 name: wheel result: true start_time: '14:42:57.048007' pip_|-windowsprefetch_|-windowsprefetch_|-installed: __id__: windowsprefetch __run_num__: 268 __sls__: sift.python-packages.windowsprefetch changes: {} comment: 'Python package windowsprefetch was already installed All packages were successfully installed' duration: 2000.07 name: windowsprefetch result: true start_time: '14:43:17.870242' pip_|-yara-python_|-yara-python_|-installed: __id__: yara-python __run_num__: 177 __sls__: sift.python-packages.yara-python changes: {} comment: All packages were successfully installed duration: 3298.272 name: yara-python result: true start_time: '14:42:09.459260' pkg_|-aeskeyfind_|-aeskeyfind_|-installed: __id__: aeskeyfind __run_num__: 15 __sls__: sift.packages.aeskeyfind changes: {} comment: Package aeskeyfind is already installed duration: 10.178 name: aeskeyfind result: true start_time: '14:41:14.683353' pkg_|-afflib-tools_|-afflib-tools_|-installed: __id__: afflib-tools __run_num__: 16 __sls__: sift.packages.afflib-tools changes: {} comment: Package afflib-tools is already installed duration: 6.138 name: afflib-tools result: true start_time: '14:41:14.693754' pkg_|-afterglow_|-afterglow_|-installed: __id__: afterglow __run_num__: 17 __sls__: sift.packages.afterglow changes: {} comment: Package afterglow is already installed duration: 5.342 name: afterglow result: true start_time: '14:41:14.700088' pkg_|-aircrack-ng_|-aircrack-ng_|-installed: __id__: aircrack-ng __run_num__: 18 __sls__: sift.packages.aircrack-ng changes: {} comment: Package aircrack-ng is already installed duration: 5.122 name: aircrack-ng result: true start_time: '14:41:14.705599' pkg_|-apache2_|-apache2_|-installed: __id__: apache2 __run_num__: 19 __sls__: sift.packages.apache2 changes: {} comment: Package apache2 is already installed duration: 5.393 name: apache2 result: true start_time: '14:41:14.710886' pkg_|-apt-transport-https_|-apt-transport-https_|-installed: __id__: apt-transport-https __run_num__: 1 __sls__: sift.packages.apt-transport-https changes: {} comment: Package apt-transport-https is already installed duration: 5.375 name: apt-transport-https result: true start_time: '14:41:08.229419' pkg_|-arp-scan_|-arp-scan_|-installed: __id__: arp-scan __run_num__: 20 __sls__: sift.packages.arp-scan changes: {} comment: Package arp-scan is already installed duration: 5.255 name: arp-scan result: true start_time: '14:41:14.716438' pkg_|-autopsy_|-autopsy_|-installed: __id__: autopsy __run_num__: 21 __sls__: sift.packages.autopsy changes: {} comment: Package autopsy is already installed duration: 4.855 name: autopsy result: true start_time: '14:41:14.721831' pkg_|-bcrypt_|-bcrypt_|-installed: __id__: bcrypt __run_num__: 22 __sls__: sift.packages.bcrypt changes: {} comment: Package bcrypt is already installed duration: 6.004 name: bcrypt result: true start_time: '14:41:14.726817' pkg_|-binplist_|-binplist_|-removed: __id__: binplist __run_num__: 13 __sls__: sift.packages.absent.binplist changes: {} comment: All specified packages are already absent duration: 12.343 name: binplist result: true start_time: '14:41:14.659417' pkg_|-bitpim-lib_|-bitpim-lib_|-installed: __id__: bitpim-lib __run_num__: 24 __sls__: sift.packages.bitpim-lib changes: {} comment: Package bitpim-lib is already installed duration: 6.694 name: bitpim-lib result: true start_time: '14:41:14.739110' pkg_|-bitpim_|-bitpim_|-installed: __id__: bitpim __run_num__: 23 __sls__: sift.packages.bitpim changes: {} comment: Package bitpim is already installed duration: 5.945 name: bitpim result: true start_time: '14:41:14.732982' pkg_|-bkhive_|-bkhive_|-installed: __id__: bkhive __run_num__: 25 __sls__: sift.packages.bkhive changes: {} comment: Package bkhive is already installed duration: 6.077 name: bkhive result: true start_time: '14:41:14.746079' pkg_|-bless_|-bless_|-installed: __id__: bless __run_num__: 26 __sls__: sift.packages.bless changes: {} comment: Package bless is already installed duration: 5.107 name: bless result: true start_time: '14:41:14.752329' pkg_|-blt_|-blt_|-installed: __id__: blt __run_num__: 27 __sls__: sift.packages.blt changes: {} comment: Package blt is already installed duration: 5.244 name: blt result: true start_time: '14:41:14.757612' pkg_|-build-essential_|-build-essential_|-installed: __id__: build-essential __run_num__: 28 __sls__: sift.packages.build-essential changes: {} comment: Package build-essential is already installed duration: 6.752 name: build-essential result: true start_time: '14:41:14.763138' pkg_|-bulk-extractor_|-bulk-extractor_|-installed: __id__: bulk-extractor __run_num__: 29 __sls__: sift.packages.bulk-extractor changes: {} comment: Package bulk-extractor is already installed duration: 6.05 name: bulk-extractor result: true start_time: '14:41:14.774276' pkg_|-cabextract_|-cabextract_|-installed: __id__: cabextract __run_num__: 30 __sls__: sift.packages.cabextract changes: {} comment: Package cabextract is already installed duration: 6.331 name: cabextract result: true start_time: '14:41:14.780547' pkg_|-ccrypt_|-ccrypt_|-installed: __id__: ccrypt __run_num__: 31 __sls__: sift.packages.ccrypt changes: {} comment: Package ccrypt is already installed duration: 5.339 name: ccrypt result: true start_time: '14:41:14.787068' pkg_|-cifs-utils_|-cifs-utils_|-installed: __id__: cifs-utils __run_num__: 32 __sls__: sift.packages.cifs-utils changes: {} comment: Package cifs-utils is already installed duration: 5.847 name: cifs-utils result: true start_time: '14:41:14.792596' pkg_|-clamav_|-clamav_|-installed: __id__: clamav __run_num__: 33 __sls__: sift.packages.clamav changes: {} comment: Package clamav is already installed duration: 5.261 name: clamav result: true start_time: '14:41:14.798630' pkg_|-cmospwd_|-cmospwd_|-installed: __id__: cmospwd __run_num__: 34 __sls__: sift.packages.cmospwd changes: {} comment: Package cmospwd is already installed duration: 4.883 name: cmospwd result: true start_time: '14:41:14.804059' pkg_|-cryptcat_|-cryptcat_|-installed: __id__: cryptcat __run_num__: 35 __sls__: sift.packages.cryptcat changes: {} comment: Package cryptcat is already installed duration: 5.565 name: cryptcat result: true start_time: '14:41:14.809081' pkg_|-cryptsetup_|-cryptsetup_|-installed: __id__: cryptsetup __run_num__: 36 __sls__: sift.packages.cryptsetup changes: {} comment: Package cryptsetup is already installed duration: 5.643 name: cryptsetup result: true start_time: '14:41:14.814842' pkg_|-curl_|-curl_|-installed: __id__: curl __run_num__: 37 __sls__: sift.packages.curl changes: {} comment: Package curl is already installed duration: 6.733 name: curl result: true start_time: '14:41:14.820648' pkg_|-dc3dd_|-dc3dd_|-installed: __id__: dc3dd __run_num__: 38 __sls__: sift.packages.dc3dd changes: {} comment: Package dc3dd is already installed duration: 5.611 name: dc3dd result: true start_time: '14:41:14.827568' pkg_|-dcfldd_|-dcfldd_|-installed: __id__: dcfldd __run_num__: 39 __sls__: sift.packages.dcfldd changes: {} comment: Package dcfldd is already installed duration: 5.115 name: dcfldd result: true start_time: '14:41:14.833347' pkg_|-dconf-tools_|-dconf-tools_|-installed: __id__: dconf-tools __run_num__: 40 __sls__: sift.packages.dconf-tools changes: {} comment: Package dconf-tools is already installed duration: 5.296 name: dconf-tools result: true start_time: '14:41:14.838635' pkg_|-docker-engine_|-docker-engine_|-installed: __id__: docker-engine __run_num__: 41 __sls__: sift.packages.docker-engine changes: {} comment: Package docker-engine is already installed duration: 5.139 name: docker-engine result: true start_time: '14:41:14.846245' pkg_|-driftnet_|-driftnet_|-installed: __id__: driftnet __run_num__: 42 __sls__: sift.packages.driftnet changes: {} comment: Package driftnet is already installed duration: 5.523 name: driftnet result: true start_time: '14:41:14.851544' pkg_|-dsniff_|-dsniff_|-installed: __id__: dsniff __run_num__: 43 __sls__: sift.packages.dsniff changes: {} comment: Package dsniff is already installed duration: 6.773 name: dsniff result: true start_time: '14:41:14.857237' pkg_|-dumbpig_|-dumbpig_|-installed: __id__: dumbpig __run_num__: 44 __sls__: sift.packages.dumbpig changes: {} comment: Package dumbpig is already installed duration: 5.716 name: dumbpig result: true start_time: '14:41:14.864312' pkg_|-e2fslibs-dev_|-e2fslibs-dev_|-installed: __id__: e2fslibs-dev __run_num__: 45 __sls__: sift.packages.e2fslibs-dev changes: {} comment: Package e2fslibs-dev is already installed duration: 5.324 name: e2fslibs-dev result: true start_time: '14:41:14.870195' pkg_|-ent_|-ent_|-installed: __id__: ent __run_num__: 46 __sls__: sift.packages.ent changes: {} comment: Package ent is already installed duration: 5.249 name: ent result: true start_time: '14:41:14.875666' pkg_|-epic5_|-epic5_|-installed: __id__: epic5 __run_num__: 47 __sls__: sift.packages.epic5 changes: {} comment: Package epic5 is already installed duration: 5.208 name: epic5 result: true start_time: '14:41:14.881073' pkg_|-etherape_|-etherape_|-installed: __id__: etherape __run_num__: 48 __sls__: sift.packages.etherape changes: {} comment: Package etherape is already installed duration: 5.942 name: etherape result: true start_time: '14:41:14.886431' pkg_|-ettercap-graphical_|-ettercap-graphical_|-installed: __id__: ettercap-graphical __run_num__: 49 __sls__: sift.packages.ettercap-graphical changes: {} comment: Package ettercap-graphical is already installed duration: 4.979 name: ettercap-graphical result: true start_time: '14:41:14.892522' pkg_|-exfat-fuse_|-exfat-fuse_|-installed: __id__: exfat-fuse __run_num__: 50 __sls__: sift.packages.exfat-fuse changes: {} comment: Package exfat-fuse is already installed duration: 6.075 name: exfat-fuse result: true start_time: '14:41:14.897670' pkg_|-exfat-utils_|-exfat-utils_|-installed: __id__: exfat-utils __run_num__: 51 __sls__: sift.packages.exfat-utils changes: {} comment: Package exfat-utils is already installed duration: 5.42 name: exfat-utils result: true start_time: '14:41:14.903948' pkg_|-exif_|-exif_|-installed: __id__: exif __run_num__: 52 __sls__: sift.packages.exif changes: {} comment: Package exif is already installed duration: 6.467 name: exif result: true start_time: '14:41:14.909535' pkg_|-extundelete_|-extundelete_|-installed: __id__: extundelete __run_num__: 53 __sls__: sift.packages.extundelete changes: {} comment: Package extundelete is already installed duration: 5.483 name: extundelete result: true start_time: '14:41:14.916165' pkg_|-fdupes_|-fdupes_|-installed: __id__: fdupes __run_num__: 54 __sls__: sift.packages.fdupes changes: {} comment: Package fdupes is already installed duration: 5.109 name: fdupes result: true start_time: '14:41:14.921833' pkg_|-feh_|-feh_|-installed: __id__: feh __run_num__: 55 __sls__: sift.packages.feh changes: {} comment: Package feh is already installed duration: 5.227 name: feh result: true start_time: '14:41:14.927088' pkg_|-flasm_|-flasm_|-installed: __id__: flasm __run_num__: 56 __sls__: sift.packages.flasm changes: {} comment: Package flasm is already installed duration: 4.994 name: flasm result: true start_time: '14:41:14.932460' pkg_|-flex_|-flex_|-installed: __id__: flex __run_num__: 57 __sls__: sift.packages.flex changes: {} comment: Package flex is already installed duration: 5.081 name: flex result: true start_time: '14:41:14.937587' pkg_|-foremost_|-foremost_|-installed: __id__: foremost __run_num__: 58 __sls__: sift.packages.foremost changes: {} comment: Package foremost is already installed duration: 5.9 name: foremost result: true start_time: '14:41:14.942814' pkg_|-g++_|-g++_|-installed: __id__: g++ __run_num__: 59 __sls__: sift.packages.g++ changes: {} comment: Package g++ is already installed duration: 5.279 name: g++ result: true start_time: '14:41:14.948895' pkg_|-gawk_|-gawk_|-installed: __id__: gawk __run_num__: 60 __sls__: sift.packages.gawk changes: {} comment: Package gawk is already installed duration: 5.688 name: gawk result: true start_time: '14:41:14.954350' pkg_|-gcc_|-gcc_|-installed: __id__: gcc __run_num__: 61 __sls__: sift.packages.gcc changes: {} comment: Package gcc is already installed duration: 6.827 name: gcc result: true start_time: '14:41:14.960190' pkg_|-gdb_|-gdb_|-installed: __id__: gdb __run_num__: 62 __sls__: sift.packages.gdb changes: {} comment: Package gdb is already installed duration: 5.288 name: gdb result: true start_time: '14:41:14.967177' pkg_|-gddrescue_|-gddrescue_|-installed: __id__: gddrescue __run_num__: 63 __sls__: sift.packages.gddrescue changes: {} comment: Package gddrescue is already installed duration: 5.153 name: gddrescue result: true start_time: '14:41:14.972603' pkg_|-ghex_|-ghex_|-installed: __id__: ghex __run_num__: 64 __sls__: sift.packages.ghex changes: {} comment: Package ghex is already installed duration: 5.051 name: ghex result: true start_time: '14:41:14.977900' pkg_|-git_|-git_|-installed: __id__: git __run_num__: 65 __sls__: sift.packages.git changes: {} comment: Package git is already installed duration: 5.536 name: git result: true start_time: '14:41:14.983103' pkg_|-graphviz_|-graphviz_|-installed: __id__: graphviz __run_num__: 66 __sls__: sift.packages.graphviz changes: {} comment: Package graphviz is already installed duration: 5.431 name: graphviz result: true start_time: '14:41:14.988831' pkg_|-gthumb_|-gthumb_|-installed: __id__: gthumb __run_num__: 67 __sls__: sift.packages.gthumb changes: {} comment: Package gthumb is already installed duration: 5.823 name: gthumb result: true start_time: '14:41:14.994554' pkg_|-gzrt_|-gzrt_|-installed: __id__: gzrt __run_num__: 68 __sls__: sift.packages.gzrt changes: {} comment: Package gzrt is already installed duration: 6.129 name: gzrt result: true start_time: '14:41:15.000544' pkg_|-hexedit_|-hexedit_|-installed: __id__: hexedit __run_num__: 69 __sls__: sift.packages.hexedit changes: {} comment: Package hexedit is already installed duration: 5.071 name: hexedit result: true start_time: '14:41:15.006837' pkg_|-htop_|-htop_|-installed: __id__: htop __run_num__: 70 __sls__: sift.packages.htop changes: {} comment: Package htop is already installed duration: 5.571 name: htop result: true start_time: '14:41:15.012057' pkg_|-hydra-gtk_|-hydra-gtk_|-installed: __id__: hydra-gtk __run_num__: 72 __sls__: sift.packages.hydra-gtk changes: {} comment: Package hydra-gtk is already installed duration: 5.268 name: hydra-gtk result: true start_time: '14:41:15.022945' pkg_|-hydra_|-hydra_|-installed: __id__: hydra __run_num__: 71 __sls__: sift.packages.hydra changes: {} comment: Package hydra is already installed duration: 5.01 name: hydra result: true start_time: '14:41:15.017795' pkg_|-ipython_|-ipython_|-installed: __id__: ipython __run_num__: 73 __sls__: sift.packages.ipython changes: {} comment: Package ipython is already installed duration: 6.007 name: ipython result: true start_time: '14:41:15.028354' pkg_|-jq_|-jq_|-installed: __id__: jq __run_num__: 74 __sls__: sift.packages.jq changes: {} comment: Package jq is already installed duration: 5.424 name: jq result: true start_time: '14:41:15.034537' pkg_|-kdiff3_|-kdiff3_|-installed: __id__: kdiff3 __run_num__: 75 __sls__: sift.packages.kdiff3 changes: {} comment: Package kdiff3 is already installed duration: 5.867 name: kdiff3 result: true start_time: '14:41:15.040141' pkg_|-knocker_|-knocker_|-installed: __id__: knocker __run_num__: 76 __sls__: sift.packages.knocker changes: {} comment: Package knocker is already installed duration: 5.112 name: knocker result: true start_time: '14:41:15.046187' pkg_|-kpartx_|-kpartx_|-installed: __id__: kpartx __run_num__: 77 __sls__: sift.packages.kpartx changes: {} comment: Package kpartx is already installed duration: 5.275 name: kpartx result: true start_time: '14:41:15.051447' pkg_|-lft_|-lft_|-installed: __id__: lft __run_num__: 78 __sls__: sift.packages.lft changes: {} comment: Package lft is already installed duration: 5.17 name: lft result: true start_time: '14:41:15.056885' pkg_|-libafflib-dev_|-libafflib-dev_|-installed: __id__: libafflib-dev __run_num__: 79 __sls__: sift.packages.libafflib-dev changes: {} comment: Package libafflib-dev is already installed duration: 4.959 name: libafflib-dev result: true start_time: '14:41:15.062209' pkg_|-libafflib_|-libafflib0v5_|-installed: __id__: libafflib __run_num__: 80 __sls__: sift.packages.libafflib changes: {} comment: Package libafflib0v5 is already installed duration: 5.553 name: libafflib0v5 result: true start_time: '14:41:15.067310' pkg_|-libbde-tools_|-libbde-tools_|-installed: __id__: libbde-tools __run_num__: 82 __sls__: sift.packages.libbde-tools changes: {} comment: Package libbde-tools is already installed duration: 6.534 name: libbde-tools result: true start_time: '14:41:15.079019' pkg_|-libbde_|-libbde_|-installed: __id__: libbde __run_num__: 81 __sls__: sift.packages.libbde changes: {} comment: Package libbde is already installed duration: 5.757 name: libbde result: true start_time: '14:41:15.073034' pkg_|-libesedb-tools_|-libesedb-tools_|-installed: __id__: libesedb-tools __run_num__: 84 __sls__: sift.packages.libesedb-tools changes: {} comment: Package libesedb-tools is already installed duration: 5.402 name: libesedb-tools result: true start_time: '14:41:15.091225' pkg_|-libesedb_|-libesedb_|-installed: __id__: libesedb __run_num__: 83 __sls__: sift.packages.libesedb changes: {} comment: Package libesedb is already installed duration: 5.31 name: libesedb result: true start_time: '14:41:15.085750' pkg_|-libevt-tools_|-libevt-tools_|-installed: __id__: libevt-tools __run_num__: 86 __sls__: sift.packages.libevt-tools changes: {} comment: Package libevt-tools is already installed duration: 5.14 name: libevt-tools result: true start_time: '14:41:15.102127' pkg_|-libevt_|-libevt_|-installed: __id__: libevt __run_num__: 85 __sls__: sift.packages.libevt changes: {} comment: Package libevt is already installed duration: 5.185 name: libevt result: true start_time: '14:41:15.096795' pkg_|-libevtx-tools_|-libevtx-tools_|-installed: __id__: libevtx-tools __run_num__: 88 __sls__: sift.packages.libevtx-tools changes: {} comment: Package libevtx-tools is already installed duration: 6.827 name: libevtx-tools result: true start_time: '14:41:15.112484' pkg_|-libevtx_|-libevtx_|-installed: __id__: libevtx __run_num__: 87 __sls__: sift.packages.libevtx changes: {} comment: Package libevtx is already installed duration: 4.946 name: libevtx result: true start_time: '14:41:15.107398' pkg_|-libewf-dev_|-libewf-dev_|-installed: __id__: libewf-dev __run_num__: 90 __sls__: sift.packages.libewf-dev changes: {} comment: Package libewf-dev is already installed duration: 5.939 name: libewf-dev result: true start_time: '14:41:15.125274' pkg_|-libewf-python_|-libewf-python_|-installed: __id__: libewf-python __run_num__: 91 __sls__: sift.packages.libewf-python changes: {} comment: Package libewf-python is already installed duration: 5.518 name: libewf-python result: true start_time: '14:41:15.131370' pkg_|-libewf-tools_|-libewf-tools_|-installed: __id__: libewf-tools __run_num__: 92 __sls__: sift.packages.libewf-tools changes: {} comment: Package libewf-tools is already installed duration: 4.908 name: libewf-tools result: true start_time: '14:41:15.137054' pkg_|-libewf_|-libewf_|-installed: __id__: libewf __run_num__: 89 __sls__: sift.packages.libewf changes: {} comment: Package libewf is already installed duration: 5.603 name: libewf result: true start_time: '14:41:15.119488' pkg_|-libffi-dev_|-libffi-dev_|-installed: __id__: libffi-dev __run_num__: 93 __sls__: sift.packages.libffi-dev changes: {} comment: Package libffi-dev is already installed duration: 5.174 name: libffi-dev result: true start_time: '14:41:15.142111' pkg_|-libfuse-dev_|-libfuse-dev_|-installed: __id__: libfuse-dev __run_num__: 94 __sls__: sift.packages.libfuse-dev changes: {} comment: Package libfuse-dev is already installed duration: 4.909 name: libfuse-dev result: true start_time: '14:41:15.147432' pkg_|-libfvde-tools_|-libfvde-tools_|-installed: __id__: libfvde-tools __run_num__: 96 __sls__: sift.packages.libfvde-tools changes: {} comment: Package libfvde-tools is already installed duration: 6.58 name: libfvde-tools result: true start_time: '14:41:15.161118' pkg_|-libfvde_|-libfvde_|-installed: __id__: libfvde __run_num__: 95 __sls__: sift.packages.libfvde changes: {} comment: Package libfvde is already installed duration: 6.279 name: libfvde result: true start_time: '14:41:15.154645' pkg_|-liblightgrep_|-liblightgrep_|-installed: __id__: liblightgrep __run_num__: 97 __sls__: sift.packages.liblightgrep changes: {} comment: Package liblightgrep is already installed duration: 5.3 name: liblightgrep result: true start_time: '14:41:15.167872' pkg_|-libmsiecf_|-libmsiecf_|-installed: __id__: libmsiecf __run_num__: 98 __sls__: sift.packages.libmsiecf changes: {} comment: Package libmsiecf is already installed duration: 5.436 name: libmsiecf result: true start_time: '14:41:15.173331' pkg_|-libncurses_|-libncurses5-dev_|-installed: __id__: libncurses __run_num__: 99 __sls__: sift.packages.libncurses changes: {} comment: Package libncurses5-dev is already installed duration: 5.081 name: libncurses5-dev result: true start_time: '14:41:15.178925' pkg_|-libnet1_|-libnet1_|-installed: __id__: libnet1 __run_num__: 100 __sls__: sift.packages.libnet1 changes: {} comment: Package libnet1 is already installed duration: 5.048 name: libnet1 result: true start_time: '14:41:15.184169' pkg_|-libolecf_|-libolecf_|-installed: __id__: libolecf __run_num__: 101 __sls__: sift.packages.libolecf changes: {} comment: Package libolecf is already installed duration: 5.174 name: libolecf result: true start_time: '14:41:15.189345' pkg_|-libparse-win32registry-perl_|-libparse-win32registry-perl_|-installed: __id__: libparse-win32registry-perl __run_num__: 102 __sls__: sift.packages.libparse-win32registry-perl changes: {} comment: Package libparse-win32registry-perl is already installed duration: 5.394 name: libparse-win32registry-perl result: true start_time: '14:41:15.194674' pkg_|-libpff-dev_|-libpff-dev_|-installed: __id__: libpff-dev __run_num__: 104 __sls__: sift.packages.libpff-dev changes: {} comment: Package libpff-dev is already installed duration: 5.978 name: libpff-dev result: true start_time: '14:41:15.206132' pkg_|-libpff-python_|-libpff-python_|-installed: __id__: libpff-python __run_num__: 105 __sls__: sift.packages.libpff-python changes: {} comment: Package libpff-python is already installed duration: 5.594 name: libpff-python result: true start_time: '14:41:15.212357' pkg_|-libpff-tools_|-libpff-tools_|-installed: __id__: libpff-tools __run_num__: 106 __sls__: sift.packages.libpff-tools changes: {} comment: Package libpff-tools is already installed duration: 5.298 name: libpff-tools result: true start_time: '14:41:15.218119' pkg_|-libpff_|-libpff_|-installed: __id__: libpff __run_num__: 103 __sls__: sift.packages.libpff changes: {} comment: Package libpff is already installed duration: 5.668 name: libpff result: true start_time: '14:41:15.200242' pkg_|-libregf-dev_|-libregf-dev_|-installed: __id__: libregf-dev __run_num__: 109 __sls__: sift.packages.libregf-dev changes: {} comment: Package libregf-dev is already installed duration: 5.468 name: libregf-dev result: true start_time: '14:41:15.235027' pkg_|-libregf-python_|-libregf-python_|-installed: __id__: libregf-python __run_num__: 110 __sls__: sift.packages.libregf-python changes: {} comment: Package libregf-python is already installed duration: 6.712 name: libregf-python result: true start_time: '14:41:15.240661' pkg_|-libregf-tools_|-libregf-tools_|-installed: __id__: libregf-tools __run_num__: 111 __sls__: sift.packages.libregf-tools changes: {} comment: Package libregf-tools is already installed duration: 5.886 name: libregf-tools result: true start_time: '14:41:15.247589' pkg_|-libregf_|-libregf_|-installed: __id__: libregf __run_num__: 108 __sls__: sift.packages.libregf changes: {} comment: Package libregf is already installed duration: 6.187 name: libregf result: true start_time: '14:41:15.228672' pkg_|-libssl-dev_|-libssl-dev_|-installed: __id__: libssl-dev __run_num__: 112 __sls__: sift.packages.libssl-dev changes: {} comment: Package libssl-dev is already installed duration: 5.048 name: libssl-dev result: true start_time: '14:41:15.253656' pkg_|-libtext-csv-perl_|-libtext-csv-perl_|-installed: __id__: libtext-csv-perl __run_num__: 113 __sls__: sift.packages.libtext-csv-perl changes: {} comment: Package libtext-csv-perl is already installed duration: 5.59 name: libtext-csv-perl result: true start_time: '14:41:15.258838' pkg_|-libvmdk_|-libvmdk_|-installed: __id__: libvmdk __run_num__: 114 __sls__: sift.packages.libvmdk changes: {} comment: Package libvmdk is already installed duration: 5.241 name: libvmdk result: true start_time: '14:41:15.264610' pkg_|-libvshadow-dev_|-libvshadow-dev_|-installed: __id__: libvshadow-dev __run_num__: 116 __sls__: sift.packages.libvshadow-dev changes: {} comment: Package libvshadow-dev is already installed duration: 5.187 name: libvshadow-dev result: true start_time: '14:41:15.274923' pkg_|-libvshadow-python_|-libvshadow-python_|-installed: __id__: libvshadow-python __run_num__: 117 __sls__: sift.packages.libvshadow-python changes: {} comment: Package libvshadow-python is already installed duration: 5.374 name: libvshadow-python result: true start_time: '14:41:15.280254' pkg_|-libvshadow-tools_|-libvshadow-tools_|-installed: __id__: libvshadow-tools __run_num__: 118 __sls__: sift.packages.libvshadow-tools changes: {} comment: Package libvshadow-tools is already installed duration: 5.743 name: libvshadow-tools result: true start_time: '14:41:15.285792' pkg_|-libvshadow_|-libvshadow_|-installed: __id__: libvshadow __run_num__: 115 __sls__: sift.packages.libvshadow changes: {} comment: Package libvshadow is already installed duration: 4.778 name: libvshadow result: true start_time: '14:41:15.270000' pkg_|-libxml2-dev_|-libxml2-dev_|-installed: __id__: libxml2-dev __run_num__: 119 __sls__: sift.packages.libxml2-dev changes: {} comment: Package libxml2-dev is already installed duration: 6.052 name: libxml2-dev result: true start_time: '14:41:15.291703' pkg_|-libxslt-dev_|-libxslt-dev_|-installed: __id__: libxslt-dev __run_num__: 120 __sls__: sift.packages.libxslt-dev changes: {} comment: Package libxslt-dev is already installed duration: 5.01 name: libxslt-dev result: true start_time: '14:41:15.297948' pkg_|-md5deep_|-md5deep_|-installed: __id__: md5deep __run_num__: 121 __sls__: sift.packages.md5deep changes: {} comment: Package md5deep is already installed duration: 5.556 name: md5deep result: true start_time: '14:41:15.303106' pkg_|-nbd-client_|-nbd-client_|-installed: __id__: nbd-client __run_num__: 122 __sls__: sift.packages.nbd-client changes: {} comment: Package nbd-client is already installed duration: 5.471 name: nbd-client result: true start_time: '14:41:15.308850' pkg_|-nbtscan_|-nbtscan_|-installed: __id__: nbtscan __run_num__: 123 __sls__: sift.packages.nbtscan changes: {} comment: Package nbtscan is already installed duration: 4.899 name: nbtscan result: true start_time: '14:41:15.314501' pkg_|-netcat_|-netcat_|-installed: __id__: netcat __run_num__: 124 __sls__: sift.packages.netcat changes: {} comment: Package netcat is already installed duration: 6.534 name: netcat result: true start_time: '14:41:15.319530' pkg_|-netpbm_|-netpbm_|-installed: __id__: netpbm __run_num__: 125 __sls__: sift.packages.netpbm changes: {} comment: Package netpbm is already installed duration: 9.16 name: netpbm result: true start_time: '14:41:15.326376' pkg_|-netsed_|-netsed_|-installed: __id__: netsed __run_num__: 126 __sls__: sift.packages.netsed changes: {} comment: Package netsed is already installed duration: 6.825 name: netsed result: true start_time: '14:41:15.335805' pkg_|-netwox_|-netwox_|-installed: __id__: netwox __run_num__: 127 __sls__: sift.packages.netwox changes: {} comment: Package netwox is already installed duration: 7.777 name: netwox result: true start_time: '14:41:15.342901' pkg_|-nfdump_|-nfdump_|-installed: __id__: nfdump __run_num__: 128 __sls__: sift.packages.nfdump changes: {} comment: Package nfdump is already installed duration: 4.928 name: nfdump result: true start_time: '14:41:15.350874' pkg_|-ngrep_|-ngrep_|-installed: __id__: ngrep __run_num__: 129 __sls__: sift.packages.ngrep changes: {} comment: Package ngrep is already installed duration: 71.223 name: ngrep result: true start_time: '14:41:15.355930' pkg_|-okular_|-okular_|-installed: __id__: okular __run_num__: 131 __sls__: sift.packages.okular changes: {} comment: Package okular is already installed duration: 4.964 name: okular result: true start_time: '14:41:15.434423' pkg_|-open-iscsi_|-open-iscsi_|-installed: __id__: open-iscsi __run_num__: 132 __sls__: sift.packages.open-iscsi changes: {} comment: Package open-iscsi is already installed duration: 7.027 name: open-iscsi result: true start_time: '14:41:15.439518' pkg_|-openjdk_|-openjdk-7-jdk_|-installed: __id__: openjdk __run_num__: 133 __sls__: sift.packages.openjdk changes: {} comment: Package openjdk-7-jdk is already installed duration: 5.112 name: openjdk-7-jdk result: true start_time: '14:41:15.448790' pkg_|-ophcrack-cli_|-ophcrack-cli_|-installed: __id__: ophcrack-cli __run_num__: 135 __sls__: sift.packages.ophcrack-cli changes: {} comment: Package ophcrack-cli is already installed duration: 5.936 name: ophcrack-cli result: true start_time: '14:41:15.459846' pkg_|-ophcrack_|-ophcrack_|-installed: __id__: ophcrack __run_num__: 134 __sls__: sift.packages.ophcrack changes: {} comment: Package ophcrack is already installed duration: 5.629 name: ophcrack result: true start_time: '14:41:15.454033' pkg_|-outguess_|-outguess_|-installed: __id__: outguess __run_num__: 136 __sls__: sift.packages.outguess changes: {} comment: Package outguess is already installed duration: 5.444 name: outguess result: true start_time: '14:41:15.465966' pkg_|-p0f_|-p0f_|-installed: __id__: p0f __run_num__: 137 __sls__: sift.packages.p0f changes: {} comment: Package p0f is already installed duration: 5.79 name: p0f result: true start_time: '14:41:15.471571' pkg_|-p7zip-full_|-p7zip-full_|-installed: __id__: p7zip-full __run_num__: 138 __sls__: sift.packages.p7zip-full changes: {} comment: Package p7zip-full is already installed duration: 5.659 name: p7zip-full result: true start_time: '14:41:15.477523' pkg_|-pdftk_|-pdftk_|-installed: __id__: pdftk __run_num__: 139 __sls__: sift.packages.pdftk changes: {} comment: Package pdftk is already installed duration: 5.053 name: pdftk result: true start_time: '14:41:15.483351' pkg_|-pev_|-pev_|-installed: __id__: pev __run_num__: 142 __sls__: sift.packages.pev changes: {} comment: Package pev is already installed duration: 6.743 name: pev result: true start_time: '14:41:15.497728' pkg_|-phonon_|-phonon_|-installed: __id__: phonon __run_num__: 143 __sls__: sift.packages.phonon changes: {} comment: Package phonon is already installed duration: 6.4 name: phonon result: true start_time: '14:41:15.504698' pkg_|-pkg-config_|-pkg-config_|-installed: __id__: pkg-config __run_num__: 144 __sls__: sift.packages.pkg-config changes: {} comment: Package pkg-config is already installed duration: 9.666 name: pkg-config result: true start_time: '14:41:15.511363' pkg_|-pv_|-pv_|-installed: __id__: pv __run_num__: 147 __sls__: sift.packages.pv changes: {} comment: Package pv is already installed duration: 6.604 name: pv result: true start_time: '14:41:40.771338' pkg_|-pyew_|-pyew_|-installed: __id__: pyew __run_num__: 148 __sls__: sift.packages.pyew changes: {} comment: Package pyew is already installed duration: 5.264 name: pyew result: true start_time: '14:41:40.778110' pkg_|-python-dev_|-python-dev_|-installed: __id__: python-dev __run_num__: 150 __sls__: sift.packages.python-dev changes: {} comment: Package python-dev is already installed duration: 6.029 name: python-dev result: true start_time: '14:41:40.790290' pkg_|-python-dfvfs_|-python-dfvfs_|-installed: __id__: python-dfvfs __run_num__: 151 __sls__: sift.packages.python-dfvfs changes: {} comment: 'Version 20160108-1ppa1~xenial of package ''python-dfvfs'' is already installed. Package python-dfvfs is already set to be held.' duration: 150.366 name: python-dfvfs result: true start_time: '14:41:40.803811' pkg_|-python-flowgrep_|-python-flowgrep_|-installed: __id__: python-flowgrep __run_num__: 152 __sls__: sift.packages.python-flowgrep changes: {} comment: Package python-flowgrep is already installed duration: 6.491 name: python-flowgrep result: true start_time: '14:41:40.954433' pkg_|-python-fuse_|-python-fuse_|-installed: __id__: python-fuse __run_num__: 153 __sls__: sift.packages.python-fuse changes: {} comment: Package python-fuse is already installed duration: 9.008 name: python-fuse result: true start_time: '14:41:40.961080' pkg_|-python-nids_|-python-nids_|-installed: __id__: python-nids __run_num__: 154 __sls__: sift.packages.python-nids changes: {} comment: Package python-nids is already installed duration: 5.919 name: python-nids result: true start_time: '14:41:40.970256' pkg_|-python-ntdsxtract_|-python-ntdsxtract_|-installed: __id__: python-ntdsxtract __run_num__: 155 __sls__: sift.packages.python-ntdsxtract changes: {} comment: Package python-ntdsxtract is already installed duration: 7.006 name: python-ntdsxtract result: true start_time: '14:41:40.976322' pkg_|-python-pefile_|-python-pefile_|-installed: __id__: python-pefile __run_num__: 156 __sls__: sift.packages.python-pefile changes: {} comment: Package python-pefile is already installed duration: 6.217 name: python-pefile result: true start_time: '14:41:40.983621' pkg_|-python-pip_|-python-pip_|-installed: __id__: python-pip __run_num__: 157 __sls__: sift.packages.python-pip changes: {} comment: Package python-pip is already installed duration: 6.623 name: python-pip result: true start_time: '14:41:40.990080' pkg_|-python-plaso_|-python-plaso_|-installed: __id__: python-plaso __run_num__: 160 __sls__: sift.packages.python-plaso changes: {} comment: 'Version 1.4.0-1ppa3~xenial of package ''python-plaso'' is already installed. Package python-plaso is already set to be held.' duration: 123.669 name: python-plaso result: true start_time: '14:41:41.021097' pkg_|-python-qt4_|-python-qt4_|-installed: __id__: python-qt4 __run_num__: 163 __sls__: sift.packages.python-qt4 changes: {} comment: Package python-qt4 is already installed duration: 7.764 name: python-qt4 result: true start_time: '14:41:41.162503' pkg_|-python-software-properties_|-python-software-properties_|-installed: __id__: python-software-properties __run_num__: 0 __sls__: sift.packages.python-software-properties changes: {} comment: Package python-software-properties is already installed duration: 702.47 name: python-software-properties result: true start_time: '14:41:07.526760' pkg_|-python-tk_|-python-tk_|-installed: __id__: python-tk __run_num__: 164 __sls__: sift.packages.python-tk changes: {} comment: Package python-tk is already installed duration: 5.321 name: python-tk result: true start_time: '14:41:41.170567' pkg_|-python-virtualenv_|-python-virtualenv_|-installed: __id__: python-virtualenv __run_num__: 165 __sls__: sift.packages.python-virtualenv changes: {} comment: Package python-virtualenv is already installed duration: 6.619 name: python-virtualenv result: true start_time: '14:41:41.176137' pkg_|-python-volatility_|-python-volatility_|-installed: __id__: python-volatility __run_num__: 178 __sls__: sift.packages.python-volatility changes: {} comment: Package python-volatility is already installed duration: 7.668 name: python-volatility result: true start_time: '14:42:12.760828' pkg_|-python-yara_|-python-yara_|-installed: __id__: python-yara __run_num__: 199 __sls__: sift.packages.python-yara changes: {} comment: Package python-yara is already installed duration: 5.764 name: python-yara result: true start_time: '14:42:16.090695' pkg_|-python_|-python_|-installed: __id__: python __run_num__: 149 __sls__: sift.packages.python changes: {} comment: Package python is already installed duration: 6.59 name: python result: true start_time: '14:41:40.783536' pkg_|-pytsk3-removed_|-pytsk3_|-removed: __id__: pytsk3-removed __run_num__: 161 __sls__: sift.packages.python-pytsk3 changes: {} comment: All specified packages are already absent duration: 10.844 name: pytsk3 result: true start_time: '14:41:41.145015' pkg_|-pytsk3_|-python-pytsk3_|-installed: __id__: pytsk3 __run_num__: 162 __sls__: sift.packages.python-pytsk3 changes: {} comment: Package python-pytsk3 is already installed duration: 6.258 name: python-pytsk3 result: true start_time: '14:41:41.156070' pkg_|-qemu-utils_|-qemu-utils_|-installed: __id__: qemu-utils __run_num__: 201 __sls__: sift.packages.qemu-utils changes: {} comment: Package qemu-utils is already installed duration: 5.459 name: qemu-utils result: true start_time: '14:42:16.102584' pkg_|-qemu_|-qemu_|-installed: __id__: qemu __run_num__: 200 __sls__: sift.packages.qemu changes: {} comment: Package qemu is already installed duration: 5.813 name: qemu result: true start_time: '14:42:16.096601' pkg_|-radare2_|-radare2_|-installed: __id__: radare2 __run_num__: 202 __sls__: sift.packages.radare2 changes: {} comment: Package radare2 is already installed duration: 5.65 name: radare2 result: true start_time: '14:42:16.108246' pkg_|-readpst_|-readpst_|-installed: __id__: readpst __run_num__: 204 __sls__: sift.packages.readpst changes: {} comment: Package readpst is already installed duration: 5.527 name: readpst result: true start_time: '14:42:16.123270' pkg_|-rsakeyfind_|-rsakeyfind_|-installed: __id__: rsakeyfind __run_num__: 205 __sls__: sift.packages.rsakeyfind changes: {} comment: Package rsakeyfind is already installed duration: 5.616 name: rsakeyfind result: true start_time: '14:42:16.128978' pkg_|-safecopy_|-safecopy_|-installed: __id__: safecopy __run_num__: 206 __sls__: sift.packages.safecopy changes: {} comment: Package safecopy is already installed duration: 5.103 name: safecopy result: true start_time: '14:42:16.134787' pkg_|-samba_|-samba_|-installed: __id__: samba __run_num__: 207 __sls__: sift.packages.samba changes: {} comment: Package samba is already installed duration: 6.175 name: samba result: true start_time: '14:42:16.140118' pkg_|-samdump2_|-samdump2_|-installed: __id__: samdump2 __run_num__: 208 __sls__: sift.packages.samdump2 changes: {} comment: Package samdump2 is already installed duration: 5.717 name: samdump2 result: true start_time: '14:42:16.146457' pkg_|-scalpel_|-scalpel_|-installed: __id__: scalpel __run_num__: 209 __sls__: sift.packages.scalpel changes: {} comment: Package scalpel is already installed duration: 5.638 name: scalpel result: true start_time: '14:42:16.152382' pkg_|-sift-nikto_|-nikto_|-installed: __id__: sift-nikto __run_num__: 130 __sls__: sift.packages.nikto changes: {} comment: Package nikto is already installed duration: 5.602 name: nikto result: true start_time: '14:41:15.428675' pkg_|-sift-package-libplist-utils_|-libplist-utils_|-installed: __id__: sift-package-libplist-utils __run_num__: 107 __sls__: sift.packages.libplist-utils changes: {} comment: Package libplist-utils is already installed duration: 4.952 name: libplist-utils result: true start_time: '14:41:15.223574' pkg_|-sift-package-perl_|-perl_|-installed: __id__: sift-package-perl __run_num__: 140 __sls__: sift.packages.perl changes: {} comment: Package perl is already installed duration: 5.275 name: perl result: true start_time: '14:41:15.488559' pkg_|-sift-powershell_|-sift-powershell_|-installed: __id__: sift-powershell __run_num__: 146 __sls__: sift.packages.powershell changes: {} comment: All specified packages are already installed duration: 94.521 name: sift-powershell result: true start_time: '14:41:40.676596' pkg_|-sift-python-xlsxwriter_|-python-xlsxwriter_|-installed: __id__: sift-python-xlsxwriter __run_num__: 159 __sls__: sift.packages.python-xlsxwriter changes: {} comment: Package python-xlsxwriter is already installed duration: 5.729 name: python-xlsxwriter result: true start_time: '14:41:41.008184' pkg_|-sift-python3-xlsxwriter_|-python3-xlsxwriter_|-removed: __id__: sift-python3-xlsxwriter __run_num__: 158 __sls__: sift.packages.python-xlsxwriter changes: {} comment: All specified packages are already absent duration: 11.002 name: python3-xlsxwriter result: true start_time: '14:41:40.996915' pkg_|-sift-rar_|-rar_|-installed: __id__: sift-rar __run_num__: 203 __sls__: sift.packages.rar changes: {} comment: Package rar is already installed duration: 7.448 name: rar result: true start_time: '14:42:16.115619' pkg_|-sift-unrar_|-unrar_|-installed: __id__: sift-unrar __run_num__: 230 __sls__: sift.packages.unrar changes: {} comment: Package unrar is already installed duration: 5.689 name: unrar result: true start_time: '14:42:16.277942' pkg_|-sift-wine-apt-update_|-sift-wine-apt-update_|-uptodate: __id__: sift-wine-apt-update __run_num__: 238 __sls__: sift.packages.wine changes: {} comment: System is already up-to-date duration: 13183.525 name: sift-wine-apt-update result: true start_time: '14:42:16.407832' pkg_|-sift-wine_|-wine_|-installed: __id__: sift-wine __run_num__: 239 __sls__: sift.packages.wine changes: {} comment: Package wine is already installed duration: 6.007 name: wine result: true start_time: '14:42:29.594294' pkg_|-sleuthkit_|-sleuthkit_|-installed: __id__: sleuthkit __run_num__: 210 __sls__: sift.packages.sleuthkit changes: {} comment: Package sleuthkit is already installed duration: 6.436 name: sleuthkit result: true start_time: '14:42:16.158208' pkg_|-socat_|-socat_|-installed: __id__: socat __run_num__: 211 __sls__: sift.packages.socat changes: {} comment: Package socat is already installed duration: 5.906 name: socat result: true start_time: '14:42:16.164841' pkg_|-ssdeep_|-ssdeep_|-installed: __id__: ssdeep __run_num__: 212 __sls__: sift.packages.ssdeep changes: {} comment: Package ssdeep is already installed duration: 5.983 name: ssdeep result: true start_time: '14:42:16.170913' pkg_|-ssldump_|-ssldump_|-installed: __id__: ssldump __run_num__: 213 __sls__: sift.packages.ssldump changes: {} comment: Package ssldump is already installed duration: 5.022 name: ssldump result: true start_time: '14:42:16.177078' pkg_|-sslsniff_|-sslsniff_|-installed: __id__: sslsniff __run_num__: 214 __sls__: sift.packages.sslsniff changes: {} comment: Package sslsniff is already installed duration: 5.528 name: sslsniff result: true start_time: '14:42:16.182252' pkg_|-stunnel4_|-stunnel4_|-installed: __id__: stunnel4 __run_num__: 215 __sls__: sift.packages.stunnel4 changes: {} comment: Package stunnel4 is already installed duration: 5.265 name: stunnel4 result: true start_time: '14:42:16.187932' pkg_|-system-config-samba_|-system-config-samba_|-installed: __id__: system-config-samba __run_num__: 216 __sls__: sift.packages.system-config-samba changes: {} comment: Package system-config-samba is already installed duration: 5.623 name: system-config-samba result: true start_time: '14:42:16.193344' pkg_|-tcl_|-tcl_|-installed: __id__: tcl __run_num__: 217 __sls__: sift.packages.tcl changes: {} comment: Package tcl is already installed duration: 6.172 name: tcl result: true start_time: '14:42:16.199287' pkg_|-tcpflow_|-tcpflow_|-installed: __id__: tcpflow __run_num__: 218 __sls__: sift.packages.tcpflow changes: {} comment: Package tcpflow is already installed duration: 6.091 name: tcpflow result: true start_time: '14:42:16.205696' pkg_|-tcpick_|-tcpick_|-installed: __id__: tcpick __run_num__: 219 __sls__: sift.packages.tcpick changes: {} comment: Package tcpick is already installed duration: 5.314 name: tcpick result: true start_time: '14:42:16.211993' pkg_|-tcpreplay_|-tcpreplay_|-installed: __id__: tcpreplay __run_num__: 220 __sls__: sift.packages.tcpreplay changes: {} comment: Package tcpreplay is already installed duration: 5.479 name: tcpreplay result: true start_time: '14:42:16.217494' pkg_|-tcpslice_|-tcpslice_|-installed: __id__: tcpslice __run_num__: 221 __sls__: sift.packages.tcpslice changes: {} comment: Package tcpslice is already installed duration: 4.956 name: tcpslice result: true start_time: '14:42:16.223186' pkg_|-tcpstat_|-tcpstat_|-installed: __id__: tcpstat __run_num__: 222 __sls__: sift.packages.tcpstat changes: {} comment: Package tcpstat is already installed duration: 5.538 name: tcpstat result: true start_time: '14:42:16.228280' pkg_|-tcptrace_|-tcptrace_|-installed: __id__: tcptrace __run_num__: 223 __sls__: sift.packages.tcptrace changes: {} comment: Package tcptrace is already installed duration: 6.22 name: tcptrace result: true start_time: '14:42:16.234004' pkg_|-tcptrack_|-tcptrack_|-installed: __id__: tcptrack __run_num__: 224 __sls__: sift.packages.tcptrack changes: {} comment: Package tcptrack is already installed duration: 5.833 name: tcptrack result: true start_time: '14:42:16.240426' pkg_|-tcpxtract_|-tcpxtract_|-installed: __id__: tcpxtract __run_num__: 225 __sls__: sift.packages.tcpxtract changes: {} comment: Package tcpxtract is already installed duration: 6.979 name: tcpxtract result: true start_time: '14:42:16.246445' pkg_|-testdisk_|-testdisk_|-installed: __id__: testdisk __run_num__: 226 __sls__: sift.packages.testdisk changes: {} comment: Package testdisk is already installed duration: 5.138 name: testdisk result: true start_time: '14:42:16.253612' pkg_|-tofrodos_|-tofrodos_|-installed: __id__: tofrodos __run_num__: 227 __sls__: sift.packages.tofrodos changes: {} comment: Package tofrodos is already installed duration: 6.657 name: tofrodos result: true start_time: '14:42:16.258913' pkg_|-transmission_|-transmission_|-installed: __id__: transmission __run_num__: 228 __sls__: sift.packages.transmission changes: {} comment: Package transmission is already installed duration: 5.464 name: transmission result: true start_time: '14:42:16.265750' pkg_|-unity-control-center_|-unity-control-center_|-installed: __id__: unity-control-center __run_num__: 229 __sls__: sift.packages.unity-control-center changes: {} comment: Package unity-control-center is already installed duration: 5.053 name: unity-control-center result: true start_time: '14:42:16.271358' pkg_|-unity-webapps-common_|-unity-webapps-common_|-removed: __id__: unity-webapps-common __run_num__: 14 __sls__: sift.packages.absent.unity-webapps-common changes: {} comment: All specified packages are already absent duration: 11.194 name: unity-webapps-common result: true start_time: '14:41:14.671946' pkg_|-upx-ucl_|-upx-ucl_|-installed: __id__: upx-ucl __run_num__: 231 __sls__: sift.packages.upx-ucl changes: {} comment: Package upx-ucl is already installed duration: 5.586 name: upx-ucl result: true start_time: '14:42:16.283798' pkg_|-vbindiff_|-vbindiff_|-installed: __id__: vbindiff __run_num__: 232 __sls__: sift.packages.vbindiff changes: {} comment: Package vbindiff is already installed duration: 5.718 name: vbindiff result: true start_time: '14:42:16.289641' pkg_|-vim_|-vim_|-installed: __id__: vim __run_num__: 233 __sls__: sift.packages.vim changes: {} comment: Package vim is already installed duration: 6.0 name: vim result: true start_time: '14:42:16.295564' pkg_|-virtuoso-minimal_|-virtuoso-minimal_|-installed: __id__: virtuoso-minimal __run_num__: 234 __sls__: sift.packages.virtuoso-minimal changes: {} comment: Package virtuoso-minimal is already installed duration: 4.987 name: virtuoso-minimal result: true start_time: '14:42:16.301740' pkg_|-vmfs-tools_|-vmfs-tools_|-installed: __id__: vmfs-tools __run_num__: 235 __sls__: sift.packages.vmfs-tools changes: {} comment: Package vmfs-tools is already installed duration: 5.648 name: vmfs-tools result: true start_time: '14:42:16.306873' pkg_|-winbind_|-winbind_|-installed: __id__: winbind __run_num__: 236 __sls__: sift.packages.winbind changes: {} comment: Package winbind is already installed duration: 5.519 name: winbind result: true start_time: '14:42:16.312680' pkg_|-wireshark_|-wireshark_|-installed: __id__: wireshark __run_num__: 240 __sls__: sift.packages.wireshark changes: {} comment: Package wireshark is already installed duration: 5.206 name: wireshark result: true start_time: '14:42:29.600453' pkg_|-xdot_|-xdot_|-installed: __id__: xdot __run_num__: 241 __sls__: sift.packages.xdot changes: {} comment: Package xdot is already installed duration: 5.394 name: xdot result: true start_time: '14:42:29.605831' pkg_|-xfsprogs_|-xfsprogs_|-installed: __id__: xfsprogs __run_num__: 242 __sls__: sift.packages.xfsprogs changes: {} comment: Package xfsprogs is already installed duration: 5.343 name: xfsprogs result: true start_time: '14:42:29.611431' pkg_|-xmount_|-xmount_|-installed: __id__: xmount __run_num__: 243 __sls__: sift.packages.xmount changes: {} comment: Package xmount is already installed duration: 5.975 name: xmount result: true start_time: '14:42:29.616910' pkg_|-xpdf_|-xpdf_|-installed: __id__: xpdf __run_num__: 244 __sls__: sift.packages.xpdf changes: {} comment: Package xpdf is already installed duration: 6.26 name: xpdf result: true start_time: '14:42:29.623082' pkg_|-zenity_|-zenity_|-installed: __id__: zenity __run_num__: 245 __sls__: sift.packages.zenity changes: {} comment: Package zenity is already installed duration: 5.843 name: zenity result: true start_time: '14:42:29.629510' pkgrepo_|-openjdk-repo_|-openjdk-repo_|-managed: __id__: openjdk-repo __run_num__: 7 __sls__: sift.repos.openjdk changes: {} comment: Configured package repo 'openjdk-repo' duration: 1840.118 name: openjdk-repo result: true start_time: '14:41:12.686860' pkgrepo_|-sift-dev_|-sift-dev_|-absent: __id__: sift-dev __run_num__: 5 __sls__: sift.repos.sift changes: {} comment: Package repo ppa:sift/dev is absent duration: 412.442 name: sift-dev result: true start_time: '14:41:10.500209' pkgrepo_|-sift-docker-repo_|-deb https://apt.dockerproject.org/repo ubuntu-xenial main_|-managed: __id__: sift-docker-repo __run_num__: 2 __sls__: sift.repos.docker changes: {} comment: Package repo 'deb https://apt.dockerproject.org/repo ubuntu-xenial main' already configured duration: 48.164 name: deb https://apt.dockerproject.org/repo ubuntu-xenial main result: true start_time: '14:41:08.240569' pkgrepo_|-sift-gift-dev_|-sift-gift-dev_|-absent: __id__: sift-gift-dev __run_num__: 3 __sls__: sift.repos.gift changes: {} comment: Package repo ppa:gift/dev is absent duration: 497.669 name: sift-gift-dev result: true start_time: '14:41:08.288911' pkgrepo_|-sift-gift-repo_|-gift_|-managed: __id__: sift-gift-repo __run_num__: 4 __sls__: sift.repos.gift changes: {} comment: Configured package repo 'gift' duration: 1709.528 name: gift result: true start_time: '14:41:08.790499' pkgrepo_|-sift-multiverse-repo-security_|-deb http://archive.ubuntu.com/ubuntu/ xenial-security multiverse_|-managed: __id__: sift-multiverse-repo-security __run_num__: 9 __sls__: sift.repos.ubuntu-multiverse changes: {} comment: Package repo 'deb http://archive.ubuntu.com/ubuntu/ xenial-security multiverse' already configured duration: 39.454 name: deb http://archive.ubuntu.com/ubuntu/ xenial-security multiverse result: true start_time: '14:41:14.568458' pkgrepo_|-sift-multiverse-repo_|-deb http://archive.ubuntu.com/ubuntu/ xenial multiverse_|-managed: __id__: sift-multiverse-repo __run_num__: 8 __sls__: sift.repos.ubuntu-multiverse changes: {} comment: Package repo 'deb http://archive.ubuntu.com/ubuntu/ xenial multiverse' already configured duration: 41.065 name: deb http://archive.ubuntu.com/ubuntu/ xenial multiverse result: true start_time: '14:41:14.527195' pkgrepo_|-sift-repo_|-sift-repo_|-managed: __id__: sift-repo __run_num__: 6 __sls__: sift.repos.sift changes: {} comment: Configured package repo 'sift-repo' duration: 1767.268 name: sift-repo result: true start_time: '14:41:10.916502' pkgrepo_|-sift-universe-repo_|-deb http://archive.ubuntu.com/ubuntu/ xenial universe_|-managed: __id__: sift-universe-repo __run_num__: 10 __sls__: sift.repos.ubuntu-universe changes: {} comment: Package repo 'deb http://archive.ubuntu.com/ubuntu/ xenial universe' already configured duration: 39.407 name: deb http://archive.ubuntu.com/ubuntu/ xenial universe result: true start_time: '14:41:14.608093' service_|-salt-minion_|-salt-minion_|-dead: __id__: salt-minion __run_num__: 492 __sls__: sift.config.salt-minion changes: {} comment: The service salt-minion is already dead duration: 360.847 name: salt-minion result: true start_time: '14:43:58.896024' service_|-samba-service-nmbd_|-nmbd_|-running: __id__: samba-service-nmbd __run_num__: 495 __sls__: sift.config.samba changes: {} comment: The service nmbd is already running duration: 271.632 name: nmbd result: true start_time: '14:43:59.588791' service_|-samba-service-smbd_|-smbd_|-running: __id__: samba-service-smbd __run_num__: 494 __sls__: sift.config.samba changes: {} comment: The service smbd is already running duration: 310.102 name: smbd result: true start_time: '14:43:59.275543' test_|-sift-config-user_|-sift-config-user_|-nop: __id__: sift-config-user __run_num__: 445 __sls__: sift.config.user changes: {} comment: Success! duration: 0.72 name: sift-config-user result: true start_time: '14:43:58.602554' test_|-sift-config_|-sift-config_|-nop: __id__: sift-config __run_num__: 496 __sls__: sift.config changes: {} comment: Success! duration: 0.638 name: sift-config result: true start_time: '14:43:59.869315' test_|-sift-packages_|-sift-packages_|-nop: __run_num__: 246 __sls__: sift.packages changes: {} comment: 'One or more requisite failed: sift.packages.python-volatility.python-volatility-community-plugins' result: false test_|-sift-python-packages_|-sift-python-packages_|-nop: __id__: sift-python-packages __run_num__: 269 __sls__: sift.python-packages changes: {} comment: Success! duration: 0.777 name: sift-python-packages result: true start_time: '14:43:19.928997' test_|-sift-repos_|-sift-repos_|-nop: __id__: sift-repos __run_num__: 12 __sls__: sift.repos changes: {} comment: Success! duration: 0.602 name: sift-repos result: true start_time: '14:41:14.658663' test_|-sift-scripts_|-sift-scripts_|-nop: __id__: sift-scripts __run_num__: 424 __sls__: sift.scripts changes: {} comment: Success! duration: 0.76 name: sift-scripts result: true start_time: '14:43:58.159662' test_|-sift-tools_|-sift-tools_|-nop: __id__: sift-tools __run_num__: 274 __sls__: sift.tools changes: {} comment: Success! duration: 0.572 name: sift-tools result: true start_time: '14:43:36.850497' test_|-ubuntutweak_|-ubuntutweak_|-nop: __id__: ubuntutweak __run_num__: 11 __sls__: sift.repos.ubuntu-tweak changes: {} comment: Success! duration: 0.442 name: ubuntutweak result: true start_time: '14:41:14.648554' timezone_|-Etc/UTC_|-Etc/UTC_|-system: __id__: Etc/UTC __run_num__: 446 __sls__: sift.config.timezone changes: {} comment: Timezone Etc/UTC already set, UTC already set to Etc/UTC duration: 194.28 name: Etc/UTC result: true start_time: '14:43:58.603473' user_|-sift-user-sansforensics_|-sansforensics_|-present: __id__: sift-user-sansforensics __run_num__: 428 __sls__: sift.config.user.user changes: {} comment: User sansforensics is present and up to date duration: 1.429 name: sansforensics result: true start_time: '14:43:58.267550' virtualenv_|-rekall-virtualenv_|-/opt/rekall_|-managed: __id__: rekall-virtualenv __run_num__: 259 __sls__: sift.python-packages.rekall changes: {} comment: virtualenv exists duration: 2512.672 name: /opt/rekall result: true start_time: '14:43:00.298993'