diff options
author | Barry J. Grundy <bgrundy@linuxleo.com> | 2015-02-02 01:43:11 +0700 |
---|---|---|
committer | Willy Sudiarto Raharjo <willysr@slackbuilds.org> | 2015-02-02 01:43:11 +0700 |
commit | aca313c20e50f68dc594e9eb4b8a1158de0a60a9 (patch) | |
tree | efb24dd3a18c0ef2bad7c88afa47f317f4066a40 /python | |
parent | 0666ea5b41dbb4e06e62487b2457170e4b9eca7b (diff) |
python/plaso: Added (Forensic Super-Timeline).
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
Diffstat (limited to 'python')
-rw-r--r-- | python/plaso/README | 13 | ||||
-rw-r--r-- | python/plaso/plaso.SlackBuild | 86 | ||||
-rw-r--r-- | python/plaso/plaso.info | 10 | ||||
-rw-r--r-- | python/plaso/slack-desc | 19 |
4 files changed, 128 insertions, 0 deletions
diff --git a/python/plaso/README b/python/plaso/README new file mode 100644 index 0000000000000..76c66b70120e0 --- /dev/null +++ b/python/plaso/README @@ -0,0 +1,13 @@ +plaso (Forensic Super-Timeline) + +Plaso is the Python based back-end engine used by tools such as log2timeline +for automatic creation of a super timelines. The goal of log2timeline (and +thus plaso) is to provide a single tool that can parse various log files and +forensic artifacts from computers and related systems, such as network equipment +to produce a single correlated timeline. This timeline can then be easily +analysed by forensic investigators/analysts, speeding up investigations by +correlating the vast amount of information found on an average computer system. + +Please pay close attention to the build order for plaso and its requirements +(particularly dfvfs). Read the README files and do NOT rely on automated +package tools. diff --git a/python/plaso/plaso.SlackBuild b/python/plaso/plaso.SlackBuild new file mode 100644 index 0000000000000..98cb38cd7b635 --- /dev/null +++ b/python/plaso/plaso.SlackBuild @@ -0,0 +1,86 @@ +#!/bin/sh + +# Slackware build script for plaso +# Copyright 2015 Barry Grundy <bgrundy[at]linuxleo.com> +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# Initial Build version 1.2.0 February 2015 - Barry J. Grundy + +PRGNAM=plaso +VERSION=${VERSION:-1.2.0} +BUILD=${BUILD:-1} +TAG=${TAG:-_SBo} + +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) ARCH=i486 ;; + arm*) ARCH=arm ;; + *) ARCH=$( uname -m ) ;; + esac +fi + +CWD=$(pwd) +TMP=${TMP:-/tmp/SBo} +PKG=$TMP/package-$PRGNAM +OUTPUT=${OUTPUT:-/tmp} + +if [ "$ARCH" = "i486" ]; then + SLKCFLAGS="-O2 -march=i486 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +set -e + +rm -rf $PKG +mkdir -p $TMP $PKG $OUTPUT +cd $TMP +rm -rf $PRGNAM-$VERSION +tar xvf $CWD/$PRGNAM-$VERSION.tar.gz +cd $PRGNAM-$VERSION +chown -R root:root . +find -L . \ + \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \ + -o -perm 511 \) -exec chmod 755 {} \; -o \ + \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \ + -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \; + +python setup.py install --root=$PKG + +find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \ + | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true + +mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION +cp -a ACKNOWLEDGEMENTS AUTHORS LICENSE README $PKG/usr/doc/$PRGNAM-$VERSION/ +cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc + +cd $PKG +/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz} diff --git a/python/plaso/plaso.info b/python/plaso/plaso.info new file mode 100644 index 0000000000000..8a35219b18f2c --- /dev/null +++ b/python/plaso/plaso.info @@ -0,0 +1,10 @@ +PRGNAM="plaso" +VERSION="1.2.0" +HOMEPAGE="http://plaso.kiddaland.net/" +DOWNLOAD="https://e366e647f8637dd31e0a13f75e5469341a9ab0ee.googledrive.com/host/0B30H7z4S52FleW5vUHBnblJfcjg/1.2.0/final/plaso-1.2.0.tar.gz" +MD5SUM="89f0d04cb4e6763419cda347fdffaeab" +DOWNLOAD_x86_64="" +MD5SUM_x86_64="" +REQUIRES="ipython dfvfs hachoir-metadata bencode binplist psutil dpkt pyparsing PyYAML libesedb libevt libevtx libfwsi liblnk libmsiecf libolecf libregf" +MAINTAINER="Barry J. Grundy" +EMAIL="bgrundy<at>linuxleo.com" diff --git a/python/plaso/slack-desc b/python/plaso/slack-desc new file mode 100644 index 0000000000000..edf6af1839b52 --- /dev/null +++ b/python/plaso/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. +# Line up the first '|' above the ':' following the base package name, and +# the '|' on the right side marks the last column you can put a character in. +# You must make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':' except on otherwise blank lines. + + |-----handy-ruler------------------------------------------------------| +plaso: plaso (Forensic Super-Timeline) +plaso: +plaso: Plaso is the Python based back-end engine used by tools such as +plaso: log2timeline for automatic creation of a super timelines. +plaso: +plaso: Homepage: http://plaso.kiddaland.net/ +plaso: +plaso: +plaso: +plaso: +plaso: |