diff --git a/CHANGELOG.md b/CHANGELOG.md
index 969bccc..c014895 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,16 @@ ### Artifacts
+- files/applications/ark.yaml: Added collection of metadata about recently opened archive files in Ark, the KDE archive manager [freebsd, linux, netbsd, openbsd].
+- files/applications/dolphin.yaml: Added collection of session data for the Dolphin file manager in the KDE desktop environment. This file contains information about the state of the Dolphin application, such as the currently open directories and their paths and the last accessed locations [freebsd, linux, netbsd, openbsd].
+- files/applications/dragon_player.yaml: Added collection of paths to recently opened video files using the Dragon Player [freebsd, linux, netbsd, openbsd].
+- files/applications/geany.yaml: Added collection of metadata about recently opened files in Geany text editor [freebsd, linux, netbsd, openbsd].
+- files/applications/gedit.yaml: Added collection of metadata about recently opened files in Gedit text editor [freebsd, linux, netbsd, openbsd].
+- files/applications/gnome_text_editor.yaml: Added collection of metadata about recently opened files in Gnome Text Editor [freebsd, linux, netbsd, openbsd].
+- files/applications/katesession.yaml: Added colleection of metadata about recently opened files in Kwrite and Kate text editors [freebsd, linux, netbsd, openbsd].
+- files/applications/okular.yaml: Added collection of metadata related to documents that have been opened or interacted with using Okular, a document viewer for KDE [freebsd, linux, netbsd, openbsd].
+- files/system/gvfs_metadata.yaml: Added collection of data from the gvfs-metadata directory to retrieve user-specific metadata, such as file access details, custom properties, and interaction history [freebsd, linux, netbsd, openbsd].
+- files/system/kactivitymanagerd.yaml: Added collection of activity tracking data used by KActivityManager (part of KDE) to track and manage user activities, such as recently opened files, applications, and other resources [freebsd, linux, netbsd, openbsd].
- files/system/upstart.yaml: Added collection of system-wide and user-session Upstart configuration files [linux]. - files/system/xdg_autostart.yaml: Added collection of system-wide and user-specific XDG autostart files [linux]. - live_response/packages/dpkg.yaml: Updated to verify all packages to compare information about the installed files in the package with information about the files taken from the package metadata stored in the dpkg database [linux] ([mnrkbys](https://github.com/mnrkbys)).
diff --git a/artifacts/files/applications/ark.yaml b/artifacts/files/applications/ark.yaml
new file mode 100644
index 0000000..b74ab04
--- /dev/null
+++ b/artifacts/files/applications/ark.yaml
@@ -0,0 +1,28 @@
+version: 1.0
+artifacts:
+ -
+ description: Collect metadata about recently opened archive files in Ark, the KDE archive manager.
+ supported_os: [freebsd, linux, netbsd, openbsd]
+ collector: file
+ path: /%user_home%/.local/share
+ name_pattern: ["ark_recentfiles"]
+ file_type: [f]
+ exclude_nologin_users: true
+ -
+ description: Collect metadata about recently opened archive files in Ark, the KDE archive manager (Flatpak version).
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/.var/app
+ name_pattern: ["ark_recentfiles"]
+ file_type: [f]
+ exclude_nologin_users: true
+ -
+ description: Collect metadata about recently opened archive files in Ark, the KDE archive manager (Snap version).
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/snap
+ name_pattern: ["ark_recentfiles"]
+ file_type: [f]
+ exclude_nologin_users: true
+
+
\ No newline at end of file
diff --git a/artifacts/files/applications/dolphin.yaml b/artifacts/files/applications/dolphin.yaml
new file mode 100644
index 0000000..1d38469
--- /dev/null
+++ b/artifacts/files/applications/dolphin.yaml
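Review bot: The Flatpak and Snap entries in ark.yaml search all of `/%user_home%/.var/app` and `/%user_home%/snap` by file name alone, so every sandboxed application's data tree is walked for each user and a same-named file under an unrelated application would be collected as an Ark artifact. geany.yaml and okular.yaml in this same commit narrow the search with `path_pattern`; the same would help here and in dolphin.yaml, dragon_player.yaml, gedit.yaml, gnome_text_editor.yaml, gwenview.yaml and katesession.yaml, where a generic name such as `session.gvariant` makes a false match more likely. I would add a `path_pattern` to each entry once the application's directory inside the sandbox is confirmed, in the form `path_pattern: ["*/<APP_ID>/*"]` with the real application ID in place of the placeholder.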
@@ -0,0 +1,27 @@
+version: 1.0
+artifacts:
+ -
+ description: Collect session data for the Dolphin file manager in the KDE desktop environment. This file contains information about the state of the Dolphin application, such as the currently open directories and their paths and the last accessed locations.
+ supported_os: [freebsd, linux, netbsd, openbsd]
+ collector: file
+ path: /%user_home%/.config
+ name_pattern: ["dolphin_dolphin_dolphin"]
+ file_type: [f]
+ exclude_nologin_users: true
+ -
+ description: Collect session data for the Dolphin file manager in the KDE desktop environment. This file contains information about the state of the Dolphin application, such as the currently open directories and their paths and the last accessed locations (Flatpak version).
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/.var/app
+ name_pattern: ["dolphin_dolphin_dolphin"]
+ file_type: [f]
+ exclude_nologin_users: true
+ -
+ description: Collect session data for the Dolphin file manager in the KDE desktop environment. This file contains information about the state of the Dolphin application, such as the currently open directories and their paths and the last accessed locations (Snap version).
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/snap
+ name_pattern: ["dolphin_dolphin_dolphin"]
+ file_type: [f]
+ exclude_nologin_users: true
+
\ No newline at end of file
diff --git a/artifacts/files/applications/dragon_player.yaml b/artifacts/files/applications/dragon_player.yaml
new file mode 100644
index 0000000..ef11cdc
--- /dev/null
+++ b/artifacts/files/applications/dragon_player.yaml
@@ -0,0 +1,27 @@
+version: 1.0
+artifacts:
+ -
+ description: Collect the paths to recently opened video files using the Dragon Player.
+ supported_os: [freebsd, linux, netbsd, openbsd]
+ collector: file
+ path: /%user_home%/.config
+ name_pattern: ["dragonplayerrc"]
+ file_type: [f]
+ exclude_nologin_users: true
+ -
+ description: Collect the paths to recently opened video files using the Dragon Player (Flatpak version).
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/.var/app
+ name_pattern: ["dragonplayerrc"]
+ file_type: [f]
+ exclude_nologin_users: true
+ -
+ description: Collect the paths to recently opened video files using the Dragon Player (Snap version).
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/snap
+ name_pattern: ["dragonplayerrc"]
+ file_type: [f]
+ exclude_nologin_users: true
+
\ No newline at end of file
diff --git a/artifacts/files/applications/geany.yaml b/artifacts/files/applications/geany.yaml
new file mode 100644
index 0000000..118b13e
--- /dev/null
+++ b/artifacts/files/applications/geany.yaml
@@ -0,0 +1,32 @@
+version: 1.0
+artifacts:
+ -
+ description: Collect metadata about recently opened files in Geany text editor.
+ supported_os: [freebsd, linux, netbsd, openbsd]
+ collector: file
+ path: /%user_home%/.config/geany
+ name_pattern: ["session.conf"]
+ file_type: [f]
+ exclude_nologin_users: true
+ -
+ description: Collect metadata about recently opened files in Geany text editor (Flatpak version).
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/.var/app
+ path_pattern: ["*/config/geany/*"]
+ name_pattern: ["session.conf"]
+ file_type: [f]
+ exclude_nologin_users: true
+ -
+ description: Collect metadata about recently opened files in Geany text editor (Snap version).
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/snap
+ path_pattern: ["*/.config/geany/*"]
+ name_pattern: ["session.conf"]
+ file_type: [f]
+ exclude_nologin_users: true
+
+
+
+
\ No newline at end of file
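Review bot: `dragonplayerrc` is collected without `ignore_date_range: true`, while the `okularrc` entries in okular.yaml set it for the same kind of configuration file. If the collector's date range filters on file timestamps (not visible in this diff), a recent-files list last written outside the requested window is skipped even though it may record activity inside it. Consider adding `ignore_date_range: true` to all three entries in dragon_player.yaml and to the `gwenviewrc` entries in gwenview.yaml, or stating in the descriptions why the two cases differ.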
diff --git a/artifacts/files/applications/gedit.yaml b/artifacts/files/applications/gedit.yaml
new file mode 100644
index 0000000..765646f
--- /dev/null
+++ b/artifacts/files/applications/gedit.yaml
@@ -0,0 +1,30 @@
+version: 1.0
+artifacts:
+ -
+ description: Collect metadata about recently opened files in Gedit text editor.
+ supported_os: [freebsd, linux, netbsd, openbsd]
+ collector: file
+ path: /%user_home%/.local/share
+ name_pattern: ["gedit-metadata.xml"]
+ file_type: [f]
+ exclude_nologin_users: true
+ -
+ description: Collect metadata about recently opened files in Gedit text editor (Flatpak version).
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/.var/app
+ name_pattern: ["gedit-metadata.xml"]
+ file_type: [f]
+ exclude_nologin_users: true
+ -
+ description: Collect metadata about recently opened files in Gedit text editor (Snap version).
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/snap
+ name_pattern: ["gedit-metadata.xml"]
+ file_type: [f]
+ exclude_nologin_users: true
+
+
+
+
\ No newline at end of file
diff --git a/artifacts/files/applications/gnome_text_editor.yaml b/artifacts/files/applications/gnome_text_editor.yaml
new file mode 100644
index 0000000..38cc523
--- /dev/null
+++ b/artifacts/files/applications/gnome_text_editor.yaml
@@ -0,0 +1,27 @@
+version: 1.0
+artifacts:
+ -
+ description: Collect metadata about recently opened files in Gnome Text Editor.
+ supported_os: [freebsd, linux, netbsd, openbsd]
+ collector: file
+ path: /%user_home%/.local/share
+ name_pattern: ["session.gvariant"]
+ file_type: [f]
+ exclude_nologin_users: true
+ -
+ description: Collect metadata about recently opened files in Gnome Text Editor (Flatpak version).
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/.var/app
+ name_pattern: ["session.gvariant"]
+ file_type: [f]
+ exclude_nologin_users: true
+ -
+ description: Collect metadata about recently opened files in Gnome Text Editor (Snap version).
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/snap
+ name_pattern: ["session.gvariant"]
+ file_type: [f]
+ exclude_nologin_users: true
+
\ No newline at end of file
diff --git a/artifacts/files/applications/google_earth.yaml b/artifacts/files/applications/google_earth.yaml
index 344f664..ee94c4f 100644
--- a/artifacts/files/applications/google_earth.yaml
+++ b/artifacts/files/applications/google_earth.yaml
@@ -7,6 +7,13 @@ artifacts: path: /%user_home%/.googleearth name_pattern: ["*.kml"] exclude_nologin_users: true + - + description: Collect Google Earth KML files (Flatpak version). + supported_os: [linux] + collector: file + path: /%user_home%/.var/app + name_pattern: ["*.kml"] + exclude_nologin_users: true - description: Collect Google Earth KML files. supported_os: [macos]
diff --git a/artifacts/files/applications/gwenview.yaml b/artifacts/files/applications/gwenview.yaml
new file mode 100644
index 0000000..468d639
--- /dev/null
+++ b/artifacts/files/applications/gwenview.yaml
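Review bot: The new Flatpak entry in google_earth.yaml matches `*.kml` anywhere under `/%user_home%/.var/app`, so KML files belonging to any Flatpak application are collected under the Google Earth description. It also omits `file_type: [f]`, so the match is not limited to regular files the way the other artifacts added by this commit are. I would add `file_type: [f]` and a `path_pattern` restricted to the Google Earth application directory, in the form `path_pattern: ["*/<GOOGLE_EARTH_APP_ID>/*"]` with the confirmed ID in place of the placeholder. The hunk shows only the tail of the existing `.googleearth` entry, which appears to lack `file_type` as well, so it may want the same line.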
@@ -0,0 +1,27 @@
+version: 1.0
+artifacts:
+ -
+ description: Collect the paths to recently viewed or edited images using Gwenview image viewer.
+ supported_os: [freebsd, linux, netbsd, openbsd]
+ collector: file
+ path: /%user_home%/.config
+ name_pattern: ["gwenviewrc"]
+ file_type: [f]
+ exclude_nologin_users: true
+ -
+ description: Collect the paths to recently viewed or edited images using Gwenview image viewer (Flatpak version).
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/.var/app
+ name_pattern: ["gwenviewrc"]
+ file_type: [f]
+ exclude_nologin_users: true
+ -
+ description: Collect the paths to recently viewed or edited images using Gwenview image viewer (Snap version).
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/snap
+ name_pattern: ["gwenviewrc"]
+ file_type: [f]
+ exclude_nologin_users: true
+
\ No newline at end of file
diff --git a/artifacts/files/applications/katesession.yaml b/artifacts/files/applications/katesession.yaml
new file mode 100644
index 0000000..b0c80a7
--- /dev/null
+++ b/artifacts/files/applications/katesession.yaml
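Review bot: gwenview.yaml is added by this commit but the CHANGELOG.md hunk has no entry for it, and none for the Flatpak entry added to google_earth.yaml either. I would add lines in the same form as the existing ones, for example `- files/applications/gwenview.yaml: Added collection of paths to recently viewed or edited images using Gwenview image viewer [freebsd, linux, netbsd, openbsd].`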
@@ -0,0 +1,28 @@
+version: 1.0
+artifacts:
+ -
+ description: Collect metadata about recently opened files in Kwrite and Kate text editors.
+ supported_os: [freebsd, linux, netbsd, openbsd]
+ collector: file
+ path: /%user_home%/.local/share
+ name_pattern: ["anonymous.katesession"]
+ file_type: [f]
+ exclude_nologin_users: true
+ -
+ description: Collect metadata about recently opened files in Kwrite and Kate text editors (Flatpak version).
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/.var/app
+ name_pattern: ["anonymous.katesession"]
+ file_type: [f]
+ exclude_nologin_users: true
+ -
+ description: Collect metadata about recently opened files in Kwrite and Kate text editors (Snap version).
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/snap
+ name_pattern: ["anonymous.katesession"]
+ file_type: [f]
+ exclude_nologin_users: true
+
+
\ No newline at end of file
diff --git a/artifacts/files/applications/okular.yaml b/artifacts/files/applications/okular.yaml
new file mode 100644
index 0000000..01f39d5
--- /dev/null
+++ b/artifacts/files/applications/okular.yaml
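Review bot: `name_pattern: ["anonymous.katesession"]` in all three katesession.yaml entries collects only the default session file. Sessions a user saves under a name are, as far as I know, stored as other `*.katesession` files and would be missed, so the recent-file history of anyone working in named sessions is not captured. If that holds for the Kate versions in scope, `name_pattern: ["*.katesession"]` covers both cases. Separately, the CHANGELOG.md entry for this file reads "colleection".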
@@ -0,0 +1,54 @@
+version: 1.0
+artifacts:
+ -
+ description: Collect metadata related to documents that have been opened or interacted with using Okular, a document viewer for KDE.
+ supported_os: [freebsd, linux, netbsd, openbsd]
+ collector: file
+ path: /%user_home%/.local/share
+ path_pattern: ["*/okular/docdata/*"]
+ file_type: [f]
+ exclude_nologin_users: true
+ -
+ description: Collect Okular configuration file.
+ supported_os: [freebsd, linux, netbsd, openbsd]
+ collector: file
+ path: /%user_home%/.config
+ name_pattern: ["okularrc"]
+ file_type: [f]
+ ignore_date_range: true
+ exclude_nologin_users: true
+ -
+ description: Collect metadata related to documents that have been opened or interacted with using Okular, a document viewer for KDE (Flatpak version).
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/.var/app
+ path_pattern: ["*/okular/docdata/*"]
+ file_type: [f]
+ exclude_nologin_users: true
+ -
+ description: Collect Okular configuration file (Flatpak version).
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/.var/app
+ name_pattern: ["okularrc"]
+ file_type: [f]
+ ignore_date_range: true
+ exclude_nologin_users: true
+ -
+ description: Collect metadata related to documents that have been opened or interacted with using Okular, a document viewer for KDE (Snap version).
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/snap
+ path_pattern: ["*/okular/docdata/*"]
+ file_type: [f]
+ exclude_nologin_users: true
+ -
+ description: Collect Okular configuration file (Snap version).
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/snap
+ name_pattern: ["okularrc"]
+ file_type: [f]
+ ignore_date_range: true
+ exclude_nologin_users: true
+
\ No newline at end of file
diff --git a/artifacts/files/system/gvfs_metadata.yaml b/artifacts/files/system/gvfs_metadata.yaml
new file mode 100644
index 0000000..9cada49
--- /dev/null
+++ b/artifacts/files/system/gvfs_metadata.yaml
@@ -0,0 +1,10 @@
+version: 1.0
+artifacts:
+ -
+ description: Collect data from the gvfs-metadata directory to retrieve user-specific metadata, such as local and remote file access details, custom properties, and interaction history.
+ supported_os: [freebsd, linux, netbsd, openbsd]
+ collector: file
+ path: /%user_home%/.local/share/gvfs-metadata
+ file_type: [f]
+ exclude_nologin_users: true
+
\ No newline at end of file
diff --git a/artifacts/files/system/kactivitymanagerd.yaml b/artifacts/files/system/kactivitymanagerd.yaml
new file mode 100644
index 0000000..a1edd04
--- /dev/null
+++ b/artifacts/files/system/kactivitymanagerd.yaml
@@ -0,0 +1,10 @@
+version: 1.0
+artifacts:
+ -
+ description: Collect activity tracking data used by KActivityManager (part of KDE) to track and manage user activities, such as recently opened files, applications, and other resources.
+ supported_os: [freebsd, linux, netbsd, openbsd]
+ collector: file
+ path: /%user_home%/.local/share/kactivitymanagerd/resources
+ file_type: [f]
+ exclude_nologin_users: true
+
\ No newline at end of file