From aca313c20e50f68dc594e9eb4b8a1158de0a60a9 Mon Sep 17 00:00:00 2001
From: "Barry J. Grundy"
Date: Mon, 2 Feb 2015 01:43:11 +0700
Subject: python/plaso: Added (Forensic Super-Timeline).
Signed-off-by: Willy Sudiarto Raharjo
---
 python/plaso/README | 13 +++++++
 python/plaso/plaso.SlackBuild | 86 +++++++++++++++++++++++++++++++++++++++++++
 python/plaso/plaso.info | 10 +++++
 python/plaso/slack-desc | 19 ++++++++++
 4 files changed, 128 insertions(+)
 create mode 100644 python/plaso/README
 create mode 100644 python/plaso/plaso.SlackBuild
 create mode 100644 python/plaso/plaso.info
 create mode 100644 python/plaso/slack-desc
(limited to 'python')
diff --git a/python/plaso/README b/python/plaso/README
new file mode 100644
index 0000000000..76c66b7012
--- /dev/null
+++ b/python/plaso/README
@@ -0,0 +1,13 @@
+plaso (Forensic Super-Timeline)
+
+Plaso is the Python based back-end engine used by tools such as log2timeline
+for automatic creation of a super timelines. The goal of log2timeline (and
+thus plaso) is to provide a single tool that can parse various log files and
+forensic artifacts from computers and related systems, such as network equipment
+to produce a single correlated timeline. This timeline can then be easily
+analysed by forensic investigators/analysts, speeding up investigations by
+correlating the vast amount of information found on an average computer system.
+
+Please pay close attention to the build order for plaso and its requirements
+(particularly dfvfs). Read the README files and do NOT rely on automated
+package tools.
diff --git a/python/plaso/plaso.SlackBuild b/python/plaso/plaso.SlackBuild
new file mode 100644
index 0000000000..98cb38cd7b
--- /dev/null
+++ b/python/plaso/plaso.SlackBuild
@@ -0,0 +1,86 @@
+#!/bin/sh
+
+# Slackware build script for plaso
+# Copyright 2015 Barry Grundy
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# Initial Build version 1.2.0 February 2015 - Barry J. Grundy
+
+PRGNAM=plaso
+VERSION=${VERSION:-1.2.0}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) ARCH=i486 ;;
+ arm*) ARCH=arm ;;
+ *) ARCH=$( uname -m ) ;;
+ esac
+fi
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i486" ]; then
+ SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
+cd $PRGNAM-$VERSION
+chown -R root:root .
+find -L . \
+ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
+ -o -perm 511 \) -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
+ -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
+
+python setup.py install --root=$PKG
+
+find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
+ | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a ACKNOWLEDGEMENTS AUTHORS LICENSE README $PKG/usr/doc/$PRGNAM-$VERSION/
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
diff --git a/python/plaso/plaso.info b/python/plaso/plaso.info
new file mode 100644
index 0000000000..8a35219b18
--- /dev/null
+++ b/python/plaso/plaso.info
@@ -0,0 +1,10 @@
+PRGNAM="plaso"
+VERSION="1.2.0"
+HOMEPAGE="http://plaso.kiddaland.net/"
+DOWNLOAD="https://e366e647f8637dd31e0a13f75e5469341a9ab0ee.googledrive.com/host/0B30H7z4S52FleW5vUHBnblJfcjg/1.2.0/final/plaso-1.2.0.tar.gz"
+MD5SUM="89f0d04cb4e6763419cda347fdffaeab"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+REQUIRES="ipython dfvfs hachoir-metadata bencode binplist psutil dpkt pyparsing PyYAML libesedb libevt libevtx libfwsi liblnk libmsiecf libolecf libregf"
+MAINTAINER="Barry J. Grundy"
+EMAIL="bgrundylinuxleo.com"
diff --git a/python/plaso/slack-desc b/python/plaso/slack-desc
new file mode 100644
index 0000000000..edf6af1839
--- /dev/null
+++ b/python/plaso/slack-desc
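Review bot: The archive unpacked by `tar xvf $CWD/$PRGNAM-$VERSION.tar.gz` is never integrity-checked inside the script, and the README added in this same commit tells users not to rely on the automated package tools, which are normally the only thing that compares the download against MD5SUM in plaso.info; on the manual path the README recommends, `python setup.py install --root=$PKG` therefore executes arbitrary code from an unverified tarball, presumably as root given the surrounding `chown -R root:root .` and `/sbin/makepkg`. A minimal guard placed after `set -e` and before the `tar xvf` line, reading the expected digest from the accompanying .info file, would be `. $CWD/$PRGNAM.info` followed by `echo "$MD5SUM  $CWD/$PRGNAM-$VERSION.tar.gz" | md5sum -c -`, so a mismatch aborts the build. MD5 is collision-weak, so this only protects against corruption or an attacker who cannot also alter the local .info file; a stronger digest would need the .info format to carry one. The rest of the script follows the standard SBo template and raises no further concern.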
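Review bot: `EMAIL="bgrundylinuxleo.com"` is not a usable address, since it contains no `@`, so the maintainer contact recorded for this package is broken; presumably `bgrundy@linuxleo.com` was intended, to be confirmed with the author. Separately, DOWNLOAD points at an opaque googledrive.com `/host/` URL whose long-term stability cannot be judged from here, and MD5SUM is the only integrity anchor for the tarball, while the README in this commit steers users away from the tools that would check it; consider recording a SHA-256 of the verified tarball in the README so a manual builder has something stronger to compare against. REQUIRES lists dfvfs and the lib* parsers that the README says must be built in a specific order, which is consistent with that text.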
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.
+# Line up the first '|' above the ':' following the base package name, and
+# the '|' on the right side marks the last column you can put a character in.
+# You must make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':' except on otherwise blank lines.
+
+ |-----handy-ruler------------------------------------------------------|
+plaso: plaso (Forensic Super-Timeline)
+plaso:
+plaso: Plaso is the Python based back-end engine used by tools such as
+plaso: log2timeline for automatic creation of a super timelines.
+plaso:
+plaso: Homepage: http://plaso.kiddaland.net/
+plaso:
+plaso:
+plaso:
+plaso:
+plaso:
-- cgit v1.2.3