Contributor

qmadev commented Aug 16, 2025

closes #139

Testing on VMs with IIS, Nginx and Caddy seems to work fine with an adjusted version of dissect.target #1287.

- Collecting file C:/Windows/System32/LogFiles/HTTPERR/httperr1.log to: fs/C:/Windows/System32/LogFiles/HTTPERR/httperr1.log
- Collecting file C:/Windows/System32/LogFiles/HTTPERR/httperr1.log succeeded

- Collecting file /var/caddy/access.json to: fs/$rootfs$/var/caddy/access.json
- Collecting file /var/caddy/access.json succeeded
- Collecting file /root/access.log to: fs/$rootfs$/root/access.log
- Collecting file /root/access.log succeeded

The issue specifies that tests should be written. Do we still want that, even with the tests that are already there in dissect.target?

qmadev changed the title from "Fix/webserver collection" to "Extend webserver collection" Aug 16, 2025
Contributor Author

qmadev commented Aug 16, 2025

What version should I put at line 873? See question marks.

def get_spec_additions(cls, target: Target, cli_args: argparse.Namespace) -> Iterator[tuple]:
spec = set()

for subclass in WebserverPlugin.__subclasses__():
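
Review bot: the loop `for subclass in WebserverPlugin.__subclasses__():` makes the collection spec depend on interpreter state. `__subclasses__()` returns only direct subclasses whose defining modules have already been imported, so a webserver plugin that is not loaded yet, or that inherits through an intermediate class, is skipped without any error and its logs are not collected. For an acquisition tool that silent gap is worse than a visible failure; iterate an explicit tuple of the supported plugin classes instead, and log when a class yields no paths.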

Member

Note that this is slightly dangerous because of fox-it/dissect.target#1015 and consequently fox-it/dissect.target#1232.

Contributor Author

Ah, did not know about those bugs. What's the way to go here? Wait for these bugs to get fixed or just hardcode the plugins that we have now?

Member

For the time being maybe hardcode it. The long term plan is to replace the "acquire modules" with the _get_paths() functionality, so that there's a single source of truth for all required files, instead of acquire and dissect.target slowly diverging because they both maintain different lists of files to collect/parse.

Contributor Author

Good to know! I'll try to keep that in mind for future PRs.

Hardcoded the classes for now.

qmadev requested a review from Schamper August 18, 2025 16:31
Contributor Author

qmadev commented Aug 25, 2025

Any news on this?

Contributor Author

qmadev commented Sep 2, 2025

@Schamper do you have some time to take a second look at this?

Member

Schamper commented Sep 2, 2025

I'd like @twiggler to have an opinion too.

Successfully merging this pull request may close these issues.

Collect all nginx&apache logs in Acquire