From 8848bc9c57c9aa0ee38ec59173bb126f298afb0b Mon Sep 17 00:00:00 2001
From: Digital Sleuth <62841822+digitalsleuth@users.noreply.github.com>
Date: Thu, 22 Feb 2024 11:40:17 -0500
Subject: [PATCH] Fix for Issue #617 (#91)
* Fix issue between plaso and python-evtx
* Remove python-evtx package, update headers
* Update plaso header
---
 sift/packages/init.sls | 6 ------
 sift/packages/plaso-data.sls | 8 --------
 sift/packages/plaso-tools.sls | 12 +++++++++---
 sift/packages/plaso.sls | 14 --------------
 sift/python3-packages/python-evtx.sls | 12 +++++++++++-
 5 files changed, 20 insertions(+), 32 deletions(-)
 delete mode 100644 sift/packages/plaso-data.sls
 delete mode 100644 sift/packages/plaso.sls
diff --git a/sift/packages/init.sls b/sift/packages/init.sls
index 45795b2..88d7267 100644
--- a/sift/packages/init.sls
+++ b/sift/packages/init.sls
@@ -137,8 +137,6 @@ include:
 - sift.packages.pff-tools
 - sift.packages.phonon
 - sift.packages.pkg-config
- - sift.packages.plaso
- - sift.packages.plaso-data
 - sift.packages.plaso-tools
 - sift.packages.powershell
 - sift.packages.pv
@@ -149,7 +147,6 @@ include:
 - sift.packages.python3-fuse
 - sift.packages.python3-pefile
 - sift.packages.python3-pip
- - sift.packages.python3-plaso
 - sift.packages.python3-pypff
 - sift.packages.python3-pytsk3
 - sift.packages.python3-pyqt5
@@ -346,8 +343,6 @@ sift-packages:
 - sls: sift.packages.pff-tools
 - sls: sift.packages.phonon
 - sls: sift.packages.pkg-config
- - sls: sift.packages.plaso
- - sls: sift.packages.plaso-data
 - sls: sift.packages.plaso-tools
 - sls: sift.packages.powershell
 - sls: sift.packages.pv
@@ -358,7 +353,6 @@ sift-packages:
 - sls: sift.packages.python3-fuse
 - sls: sift.packages.python3-pefile
 - sls: sift.packages.python3-pip
- - sls: sift.packages.python3-plaso
 - sls: sift.packages.python3-pypff
 - sls: sift.packages.python3-pytsk3
 - sls: sift.packages.python3-pyqt5
diff --git a/sift/packages/plaso-data.sls b/sift/packages/plaso-data.sls
deleted file mode 100644
index f7e0490..0000000
--- a/sift/packages/plaso-data.sls
+++ /dev/null
@@ -1,8 +0,0 @@
-include:
- - sift.repos.gift
-
-plaso-data:
- pkg.latest:
- - name: plaso-data
- - require:
- - sls: sift.repos.gift
diff --git a/sift/packages/plaso-tools.sls b/sift/packages/plaso-tools.sls
index 8689600..e0afb38 100644
--- a/sift/packages/plaso-tools.sls
+++ b/sift/packages/plaso-tools.sls
@@ -1,10 +1,16 @@
+# Name: plaso
+# Website: https://github.com/log2timeline/plaso
+# Description: Python-based tool to create a timeline based on several sources
+# Category:
+# Author: Joachim Metz
+# License: Apache License 2.0 (https://github.com/log2timeline/plaso/blob/main/LICENSE)
+# Notes: psteal.py, psort.py, log2timeline.py
+
 include:
 - sift.repos.gift
- - sift.packages.python3-plaso
-plaso-tools:
+sift-package-plaso-tools:
 pkg.latest:
 - name: plaso-tools
 - require:
 - sls: sift.repos.gift
- - sls: sift.packages.python3-plaso
diff --git a/sift/packages/plaso.sls b/sift/packages/plaso.sls
deleted file mode 100644
index 487a6e7..0000000
--- a/sift/packages/plaso.sls
+++ /dev/null
@@ -1,14 +0,0 @@
-include:
- - sift.repos.gift
- - sift.packages.python3-plaso
- - sift.packages.plaso-tools
- - sift.packages.plaso-data
-
-sift-package-plaso:
- test.nop:
- - name: sift-package-plaso
- - require:
- - sls: sift.repos.gift
- - sls: sift.packages.python3-plaso
- - sls: sift.packages.plaso-tools
- - sls: sift.packages.plaso-data
diff --git a/sift/python3-packages/python-evtx.sls b/sift/python3-packages/python-evtx.sls
index f860fa2..cde132c 100644
--- a/sift/python3-packages/python-evtx.sls
+++ b/sift/python3-packages/python-evtx.sls
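Review bot: Renaming the state ID in plaso-tools.sls from `plaso-tools` to `sift-package-plaso-tools` will break any requisite elsewhere in the tree that still names the old ID (for example `- pkg: plaso-tools`). Nothing in this patch shows whether such references exist, so a search for the old ID is worth doing before merge. The includes of `sift.packages.python3-plaso` are removed here and in init.sls, yet the diffstat lists only plaso.sls and plaso-data.sls as deleted, so python3-plaso.sls appears to remain in the tree unreferenced; it should either be deleted or its retention explained in the description. The added header also leaves `# Category:` empty.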
@@ -1,9 +1,19 @@
+# Name: python-evtx
+# Website: https://github.com/williballenthin/python-evtx
+# Description: Pure Python parser for Windows Event Log (.evtx) files
+# Category:
+# Author: Willi Ballenthin
+# License: Apache License 2.0 (https://github.com/williballenthin/python-evtx/blob/master/LICENSE.TXT)
+# Notes: evtx_dates.py, evtx_dump.py, evtx_dump_chunk_slack.py, evtx_dump_json.py, evtx_info.py
+
 include:
 - sift.python3-packages.pip
+ - sift.packages.git
 sift-python3-packages-python-evtx:
 pip.installed:
- - name: python-evtx
+ - name: git+https://github.com/williballenthin/python-evtx.git
 - bin_env: /usr/bin/python3
 - require:
 - sls: sift.python3-packages.pip
+ - sls: sift.packages.git
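Review bot: The new `- name: git+https://github.com/williballenthin/python-evtx.git` line carries no tag or commit pin, so every build installs whatever is at the tip of the upstream default branch at that moment. Two SIFT installs made on different days can therefore end up with different parser code, and any upstream change is picked up without review. With `bin_env: /usr/bin/python3` this is a system-wide install, so the package's build step presumably runs with the privileges of the Salt run. Pinning the URL to a reviewed revision, e.g. `- name: git+https://github.com/williballenthin/python-evtx.git@<PINNED_COMMIT_SHA>`, would keep the install reproducible and auditable. A short comment above the state saying why the PyPI release was replaced (the plaso conflict from Issue #617) would help the next maintainer.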