Merge branch 'develop' into add_modifiers

tclahr · Sep 2, 2024 · 4b45804 · 4b45804
2 parents ca22062 + f5971ed
commit 4b45804
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -25,6 +25,7 @@
 ### Artifacts
 
 - bodyfile/bodyfile.yaml: Updated to remove max_depth limit.
+- files/applications/lesshst.yaml: Added less history file (.lesshst) collection [aix, freebsd, linux, macos, netbsd, netscaler, openbsd, solaris] ([mnrkbys](https://github.com/mnrkbys)).
 - files/applications/whatsapp.yaml: Added collection of WhatsApp Desktop files [macos].
 - files/logs/additional_logs.yaml: Artifact was renamed to advanced_log_search.yaml.
 - files/logs/relink.yaml: Added collection of the kernel relink log file [openbsd] ([Herbert-Karl](https://github.com/Herbert-Karl)).
@@ -68,6 +69,10 @@
 - live_response/system/world_writable_files.yaml: Updated to remove max_depth limit.
 - live_response/system/zoneadm.yaml: Artifact was moved to live_response/containers directory ([Herbert-Karl](https://github.com/Herbert-Karl)).
 
+### Profiles
+
+- files/applications/lesshst.yaml, files/applications/viminfo.yaml, and files/applications/wget.yaml artifacts were added to the 'ir_triage' profile.
+
 ### Command Line Option Changes
 
 - '--date-range-start' was renamed to '--start-date' ([#186](https://github.com/tclahr/uac/issues/186)).

diff --git a/artifacts/files/applications/lesshst.yaml b/artifacts/files/applications/lesshst.yaml
@@ -0,0 +1,26 @@
+version: 1.0
+artifacts:
+# https://wiki.archlinux.org/title/XDG_Base_Directory
+# https://github.com/gwsw/less/issues/153
+# https://www.greenwoodsoftware.com/less/news.590.html
+# https://www.greenwoodsoftware.com/less/news.600.html
+  -
+    description: Collect less history file. This file is used to store search string.
+    supported_os: [aix, freebsd, linux, macos, netbsd, netscaler, openbsd, solaris]
+    collector: file
+    path: /%user_home%/.lesshst
+    exclude_nologin_users: true
+  -
+    description: Collect less history file. This file is used to store search string.
+    supported_os: [aix, freebsd, linux, macos, netbsd, netscaler, openbsd, solaris]
+    collector: file
+    # $XDG_STATE_HOME/lesshst
+    path: /%user_home%/.local/state/lesshst
+    exclude_nologin_users: true
+  -
+    description: Collect less history file. This file is used to store search string.
+    supported_os: [aix, freebsd, linux, macos, netbsd, netscaler, openbsd, solaris]
+    collector: file
+    # $XDG_DATA_HOME/lesshst
+    path: /%user_home%/.local/share/lesshst
+    exclude_nologin_users: true
diff --git a/profiles/ir_triage.yaml b/profiles/ir_triage.yaml
@@ -25,6 +25,12 @@ artifacts:
   - live_response/vms/*
   - chkrootkit/chkrootkit.yaml
   - hash_executables/hash_executables.yaml
-  - files/*
-  - !files/applications/*
-  - !files/browsers/*
+  - files/applications/lesshst.yaml
+  - files/applications/viminfo.yaml
+  - files/applications/wget.yaml
+  - files/logs/*
+  - files/packages/*
+  - files/shell/*
+  - files/ssh/*
+  - files/system/*
+