From 66390146efce1b419fc984382afac3f5636a6f4b Mon Sep 17 00:00:00 2001 From: Thiago Canozzo Lahr Date: Fri, 6 Dec 2024 20:21:28 -0300 Subject: [PATCH 1/2] artif: new artifacts New artifacts mostly related to most recent used files by applications. --- CHANGELOG.md | 10 ++++ artifacts/files/applications/ark.yaml | 28 ++++++++++ artifacts/files/applications/dolphin.yaml | 27 ++++++++++ .../files/applications/dragon_player.yaml | 27 ++++++++++ artifacts/files/applications/geany.yaml | 32 +++++++++++ artifacts/files/applications/gedit.yaml | 30 +++++++++++ .../files/applications/gnome_text_editor.yaml | 27 ++++++++++ .../files/applications/google_earth.yaml | 7 +++ artifacts/files/applications/gwenview.yaml | 27 ++++++++++ artifacts/files/applications/katesession.yaml | 28 ++++++++++ artifacts/files/applications/okular.yaml | 54 +++++++++++++++++++ artifacts/files/system/gvfs_metadata.yaml | 10 ++++ artifacts/files/system/kactivitymanagerd.yaml | 10 ++++ 13 files changed, 317 insertions(+) create mode 100644 artifacts/files/applications/ark.yaml create mode 100644 artifacts/files/applications/dolphin.yaml create mode 100644 artifacts/files/applications/dragon_player.yaml create mode 100644 artifacts/files/applications/geany.yaml create mode 100644 artifacts/files/applications/gedit.yaml create mode 100644 artifacts/files/applications/gnome_text_editor.yaml create mode 100644 artifacts/files/applications/gwenview.yaml create mode 100644 artifacts/files/applications/katesession.yaml create mode 100644 artifacts/files/applications/okular.yaml create mode 100644 artifacts/files/system/gvfs_metadata.yaml create mode 100644 artifacts/files/system/kactivitymanagerd.yaml diff --git a/CHANGELOG.md b/CHANGELOG.md index 969bccc0..c0148954 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,6 +4,16 @@ ### Artifacts +- files/applications/ark.yaml: Added collection of metadata about recently opened archive files in Ark, the KDE archive manager [freebsd, linux, netbsd, openbsd]. +- files/applications/dolphin.yaml: Added collection of session data for the Dolphin file manager in the KDE desktop environment. This file contains information about the state of the Dolphin application, such as the currently open directories and their paths and the last accessed locations [freebsd, linux, netbsd, openbsd]. +- files/applications/dragon_player.yaml: Added collection of paths to recently opened video files using the Dragon Player [freebsd, linux, netbsd, openbsd]. +- files/applications/geany.yaml: Added collection of metadata about recently opened files in Geany text editor [freebsd, linux, netbsd, openbsd]. +- files/applications/gedit.yaml: Added collection of metadata about recently opened files in Gedit text editor [freebsd, linux, netbsd, openbsd]. +- files/applications/gnome_text_editor.yaml: Added collection of metadata about recently opened files in Gnome Text Editor [freebsd, linux, netbsd, openbsd]. +- files/applications/katesession.yaml: Added colleection of metadata about recently opened files in Kwrite and Kate text editors [freebsd, linux, netbsd, openbsd]. +- files/applications/okular.yaml: Added collection of metadata related to documents that have been opened or interacted with using Okular, a document viewer for KDE [freebsd, linux, netbsd, openbsd]. +- files/system/gvfs_metadata.yaml: Added collection of data from the gvfs-metadata directory to retrieve user-specific metadata, such as file access details, custom properties, and interaction history [freebsd, linux, netbsd, openbsd]. +- files/system/kactivitymanagerd.yaml: Added collection of activity tracking data used by KActivityManager (part of KDE) to track and manage user activities, such as recently opened files, applications, and other resources [freebsd, linux, netbsd, openbsd]. 
- files/system/upstart.yaml: Added collection of system-wide and user-session Upstart configuration files [linux]. - files/system/xdg_autostart.yaml: Added collection of system-wide and user-specific XDG autostart files [linux]. - live_response/packages/dpkg.yaml: Updated to verify all packages to compare information about the installed files in the package with information about the files taken from the package metadata stored in the dpkg database [linux] ([mnrkbys](https://github.com/mnrkbys)). diff --git a/artifacts/files/applications/ark.yaml b/artifacts/files/applications/ark.yaml new file mode 100644 index 00000000..b74ab048 --- /dev/null +++ b/artifacts/files/applications/ark.yaml @@ -0,0 +1,28 @@ +version: 1.0 +artifacts: + - + description: Collect metadata about recently opened archive files in Ark, the KDE archive manager. + supported_os: [freebsd, linux, netbsd, openbsd] + collector: file + path: /%user_home%/.local/share + name_pattern: ["ark_recentfiles"] + file_type: [f] + exclude_nologin_users: true + - + description: Collect metadata about recently opened archive files in Ark, the KDE archive manager (Flatpak version). + supported_os: [linux] + collector: file + path: /%user_home%/.var/app + name_pattern: ["ark_recentfiles"] + file_type: [f] + exclude_nologin_users: true + - + description: Collect metadata about recently opened archive files in Ark, the KDE archive manager (Snap version). + supported_os: [linux] + collector: file + path: /%user_home%/snap + name_pattern: ["ark_recentfiles"] + file_type: [f] + exclude_nologin_users: true + + \ No newline at end of file diff --git a/artifacts/files/applications/dolphin.yaml b/artifacts/files/applications/dolphin.yaml new file mode 100644 index 00000000..1d384692 --- /dev/null +++ b/artifacts/files/applications/dolphin.yaml 
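Review bot: The new ark.yaml ends with two whitespace-only lines and no final newline (`\ No newline at end of file` after the last `exclude_nologin_users: true`), which yamllint flags and which makes later diffs of the file noisier. Ending the file at the last `exclude_nologin_users: true` line followed by a single newline would fix it. The same tail appears in dolphin.yaml, dragon_player.yaml, geany.yaml, gedit.yaml, gnome_text_editor.yaml, gwenview.yaml, katesession.yaml, okular.yaml, gvfs_metadata.yaml and kactivitymanagerd.yaml in this patch.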
@@ -0,0 +1,27 @@
+version: 1.0
+artifacts:
+ -
+ description: Collect session data for the Dolphin file manager in the KDE desktop environment. This file contains information about the state of the Dolphin application, such as the currently open directories and their paths and the last accessed locations.
+ supported_os: [freebsd, linux, netbsd, openbsd]
+ collector: file
+ path: /%user_home%/.config
+ name_pattern: ["dolphin_dolphin_dolphin"]
+ file_type: [f]
+ exclude_nologin_users: true
+ -
+ description: Collect session data for the Dolphin file manager in the KDE desktop environment. This file contains information about the state of the Dolphin application, such as the currently open directories and their paths and the last accessed locations (Flatpak version).
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/.var/app
+ name_pattern: ["dolphin_dolphin_dolphin"]
+ file_type: [f]
+ exclude_nologin_users: true
+ -
+ description: Collect session data for the Dolphin file manager in the KDE desktop environment. This file contains information about the state of the Dolphin application, such as the currently open directories and their paths and the last accessed locations (Snap version).
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/snap
+ name_pattern: ["dolphin_dolphin_dolphin"]
+ file_type: [f]
+ exclude_nologin_users: true
+
\ No newline at end of file
diff --git a/artifacts/files/applications/dragon_player.yaml b/artifacts/files/applications/dragon_player.yaml
new file mode 100644
index 00000000..ef11cdc1
--- /dev/null
+++ b/artifacts/files/applications/dragon_player.yaml
@@ -0,0 +1,27 @@
+version: 1.0
+artifacts:
+ -
+ description: Collect the paths to recently opened video files using the Dragon Player.
+ supported_os: [freebsd, linux, netbsd, openbsd]
+ collector: file
+ path: /%user_home%/.config
+ name_pattern: ["dragonplayerrc"]
+ file_type: [f]
+ exclude_nologin_users: true
+ -
+ description: Collect the paths to recently opened video files using the Dragon Player (Flatpak version).
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/.var/app
+ name_pattern: ["dragonplayerrc"]
+ file_type: [f]
+ exclude_nologin_users: true
+ -
+ description: Collect the paths to recently opened video files using the Dragon Player (Snap version).
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/snap
+ name_pattern: ["dragonplayerrc"]
+ file_type: [f]
+ exclude_nologin_users: true
+
\ No newline at end of file
diff --git a/artifacts/files/applications/geany.yaml b/artifacts/files/applications/geany.yaml
new file mode 100644
index 00000000..118b13ec
--- /dev/null
+++ b/artifacts/files/applications/geany.yaml
@@ -0,0 +1,32 @@
+version: 1.0
+artifacts:
+ -
+ description: Collect metadata about recently opened files in Geany text editor.
+ supported_os: [freebsd, linux, netbsd, openbsd]
+ collector: file
+ path: /%user_home%/.config/geany
+ name_pattern: ["session.conf"]
+ file_type: [f]
+ exclude_nologin_users: true
+ -
+ description: Collect metadata about recently opened files in Geany text editor (Flatpak version).
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/.var/app
+ path_pattern: ["*/config/geany/*"]
+ name_pattern: ["session.conf"]
+ file_type: [f]
+ exclude_nologin_users: true
+ -
+ description: Collect metadata about recently opened files in Geany text editor (Snap version).
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/snap
+ path_pattern: ["*/.config/geany/*"]
+ name_pattern: ["session.conf"]
+ file_type: [f]
+ exclude_nologin_users: true
+
+
+
+
\ No newline at end of file
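Review bot: All three geany.yaml entries collect only `session.conf`, so a host running an older Geany would yield nothing if, as I recall, releases before 2.0 kept the recent-file list in `geany.conf` in the same directory. Consider `name_pattern: ["geany.conf", "session.conf"]` on each entry so the result does not depend on the installed version. This is worth confirming against an older install before merging.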
diff --git a/artifacts/files/applications/gedit.yaml b/artifacts/files/applications/gedit.yaml
new file mode 100644
index 00000000..765646fa
--- /dev/null
+++ b/artifacts/files/applications/gedit.yaml
@@ -0,0 +1,30 @@
+version: 1.0
+artifacts:
+ -
+ description: Collect metadata about recently opened files in Gedit text editor.
+ supported_os: [freebsd, linux, netbsd, openbsd]
+ collector: file
+ path: /%user_home%/.local/share
+ name_pattern: ["gedit-metadata.xml"]
+ file_type: [f]
+ exclude_nologin_users: true
+ -
+ description: Collect metadata about recently opened files in Gedit text editor (Flatpak version).
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/.var/app
+ name_pattern: ["gedit-metadata.xml"]
+ file_type: [f]
+ exclude_nologin_users: true
+ -
+ description: Collect metadata about recently opened files in Gedit text editor (Snap version).
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/snap
+ name_pattern: ["gedit-metadata.xml"]
+ file_type: [f]
+ exclude_nologin_users: true
+
+
+
+
\ No newline at end of file
diff --git a/artifacts/files/applications/gnome_text_editor.yaml b/artifacts/files/applications/gnome_text_editor.yaml
new file mode 100644
index 00000000..38cc5239
--- /dev/null
+++ b/artifacts/files/applications/gnome_text_editor.yaml
@@ -0,0 +1,27 @@ +version: 1.0 +artifacts: + - + description: Collect metadata about recently opened files in Gnome Text Editor. + supported_os: [freebsd, linux, netbsd, openbsd] + collector: file + path: /%user_home%/.local/share + name_pattern: ["session.gvariant"] + file_type: [f] + exclude_nologin_users: true + - + description: Collect metadata about recently opened files in Gnome Text Editor (Flatpak version). + supported_os: [linux] + collector: file + path: /%user_home%/.var/app + name_pattern: ["session.gvariant"] + file_type: [f] + exclude_nologin_users: true + - + description: Collect metadata about recently opened files in Gnome Text Editor (Snap version). + supported_os: [linux] + collector: file + path: /%user_home%/snap + name_pattern: ["session.gvariant"] + file_type: [f] + exclude_nologin_users: true + \ No newline at end of file diff --git a/artifacts/files/applications/google_earth.yaml b/artifacts/files/applications/google_earth.yaml index 344f6647..ee94c4f3 100644 --- a/artifacts/files/applications/google_earth.yaml +++ b/artifacts/files/applications/google_earth.yaml @@ -7,6 +7,13 @@ artifacts: path: /%user_home%/.googleearth name_pattern: ["*.kml"] exclude_nologin_users: true + - + description: Collect Google Earth KML files (Flatpak version). + supported_os: [linux] + collector: file + path: /%user_home%/.var/app + name_pattern: ["*.kml"] + exclude_nologin_users: true - description: Collect Google Earth KML files. supported_os: [macos] diff --git a/artifacts/files/applications/gwenview.yaml b/artifacts/files/applications/gwenview.yaml new file mode 100644 index 00000000..468d6393 --- /dev/null +++ b/artifacts/files/applications/gwenview.yaml 
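Review bot: `session.gvariant` is a generic file name, and the first gnome_text_editor.yaml entry searches all of `/%user_home%/.local/share` for it, while the Flatpak and Snap entries search all of `.var/app` and `snap`. Session files from unrelated applications may therefore be collected under this description. geany.yaml in the same patch scopes its sandboxed entries with `path_pattern`; doing the same here, e.g. `path_pattern: ["*/org.gnome.TextEditor/*"]` if that is the directory the editor writes to, keeps the collected evidence attributable to the right application.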
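Review bot: The Flatpak entry added to google_earth.yaml matches `*.kml` anywhere under `/%user_home%/.var/app`, so KML files belonging to any Flatpak application are collected and labelled as Google Earth data. A `path_pattern` limited to the Google Earth application directory, e.g. `path_pattern: ["*/<google-earth-app-id>/*"]` with the real app id filled in, would make the scope match the description. The entry also omits `file_type: [f]`, which every other entry added in this patch sets. The artifacts list continues outside the hunk.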
@@ -0,0 +1,27 @@
+version: 1.0
+artifacts:
+ -
+ description: Collect the paths to recently viewed or edited images using Gwenview image viewer.
+ supported_os: [freebsd, linux, netbsd, openbsd]
+ collector: file
+ path: /%user_home%/.config
+ name_pattern: ["gwenviewrc"]
+ file_type: [f]
+ exclude_nologin_users: true
+ -
+ description: Collect the paths to recently viewed or edited images using Gwenview image viewer (Flatpak version).
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/.var/app
+ name_pattern: ["gwenviewrc"]
+ file_type: [f]
+ exclude_nologin_users: true
+ -
+ description: Collect the paths to recently viewed or edited images using Gwenview image viewer (Snap version).
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/snap
+ name_pattern: ["gwenviewrc"]
+ file_type: [f]
+ exclude_nologin_users: true
+
\ No newline at end of file
diff --git a/artifacts/files/applications/katesession.yaml b/artifacts/files/applications/katesession.yaml
new file mode 100644
index 00000000..b0c80a7e
--- /dev/null
+++ b/artifacts/files/applications/katesession.yaml
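Review bot: gwenview.yaml has no matching line in the CHANGELOG.md hunk of this patch, which lists every other new artifact file; the Flatpak entry added to google_earth.yaml is not recorded there either. Suggest adding `- files/applications/gwenview.yaml: Added collection of paths to recently viewed or edited images using Gwenview image viewer [freebsd, linux, netbsd, openbsd].` and a corresponding `Updated` line for google_earth.yaml.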
@@ -0,0 +1,28 @@
+version: 1.0
+artifacts:
+ -
+ description: Collect metadata about recently opened files in Kwrite and Kate text editors.
+ supported_os: [freebsd, linux, netbsd, openbsd]
+ collector: file
+ path: /%user_home%/.local/share
+ name_pattern: ["anonymous.katesession"]
+ file_type: [f]
+ exclude_nologin_users: true
+ -
+ description: Collect metadata about recently opened files in Kwrite and Kate text editors (Flatpak version).
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/.var/app
+ name_pattern: ["anonymous.katesession"]
+ file_type: [f]
+ exclude_nologin_users: true
+ -
+ description: Collect metadata about recently opened files in Kwrite and Kate text editors (Snap version).
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/snap
+ name_pattern: ["anonymous.katesession"]
+ file_type: [f]
+ exclude_nologin_users: true
+
+
\ No newline at end of file
diff --git a/artifacts/files/applications/okular.yaml b/artifacts/files/applications/okular.yaml
new file mode 100644
index 00000000..e2b02a03
--- /dev/null
+++ b/artifacts/files/applications/okular.yaml
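Review bot: `name_pattern: ["anonymous.katesession"]` in all three katesession.yaml entries collects only the default session. Kate also lets users save named sessions, which I believe are written as `<name>.katesession`, and those files would be skipped. `name_pattern: ["*.katesession"]` would cover both cases and still match the description.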
@@ -0,0 +1,54 @@
+version: 1.0
+artifacts:
+ -
+ description: Collect metadata related to documents that have been opened or interacted with using Okular, a document viewer for KDE.
+ supported_os: [freebsd, linux, netbsd, openbsd]
+ collector: file
+ path: /%user_home%/.local/share
+ path_pattern: ["*/okular/docdata/*"]
+ file_type: [f]
+ exclude_nologin_users: true
+ -
+ description: Collect Okular configuration file.
+ supported_os: [freebsd, linux, netbsd, openbsd]
+ collector: file
+ path: /%user_home%/.config
+ name_pattern: ["okularrc"]
+ file_type: [f]
+ ignore_date_range: true
+ exclude_nologin_users: true
+ -
+ description: Collect metadata related to documents that have been opened or interacted with using Okular, a document viewer for KDE (Flatpak version).
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/.var/app
+ path_pattern: ["*/okular/docdata/*"]
+ file_type: [f]
+ exclude_nologin_users: true
+ -
+ description: Collect Okular configuration file (Flatpak version).
+ supported_os: [linuxsd]
+ collector: file
+ path: /%user_home%/.var/app
+ name_pattern: ["okularrc"]
+ file_type: [f]
+ ignore_date_range: true
+ exclude_nologin_users: true
+ -
+ description: Collect metadata related to documents that have been opened or interacted with using Okular, a document viewer for KDE (Snap version).
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/snap
+ path_pattern: ["*/okular/docdata/*"]
+ file_type: [f]
+ exclude_nologin_users: true
+ -
+ description: Collect Okular configuration file (Snap version).
+ supported_os: [linuxsd]
+ collector: file
+ path: /%user_home%/snap
+ name_pattern: ["okularrc"]
+ file_type: [f]
+ ignore_date_range: true
+ exclude_nologin_users: true
+
\ No newline at end of file
diff --git a/artifacts/files/system/gvfs_metadata.yaml b/artifacts/files/system/gvfs_metadata.yaml
new file mode 100644
index 00000000..9cada497
--- /dev/null
+++ b/artifacts/files/system/gvfs_metadata.yaml
@@ -0,0 +1,10 @@ +version: 1.0 +artifacts: + - + description: Collect data from the gvfs-metadata directory to retrieve user-specific metadata, such as local and remote file access details, custom properties, and interaction history. + supported_os: [freebsd, linux, netbsd, openbsd] + collector: file + path: /%user_home%/.local/share/gvfs-metadata + file_type: [f] + exclude_nologin_users: true + \ No newline at end of file diff --git a/artifacts/files/system/kactivitymanagerd.yaml b/artifacts/files/system/kactivitymanagerd.yaml new file mode 100644 index 00000000..a1edd047 --- /dev/null +++ b/artifacts/files/system/kactivitymanagerd.yaml @@ -0,0 +1,10 @@ +version: 1.0 +artifacts: + - + description: Collect activity tracking data used by KActivityManager (part of KDE) to track and manage user activities, such as recently opened files, applications, and other resources. + supported_os: [freebsd, linux, netbsd, openbsd] + collector: file + path: /%user_home%/.local/share/kactivitymanagerd/resources + file_type: [f] + exclude_nologin_users: true + \ No newline at end of file From a14baee8d43caadaf785b4ebe439ccf660122fac Mon Sep 17 00:00:00 2001 From: Thiago Canozzo Lahr Date: Fri, 6 Dec 2024 20:24:12 -0300 Subject: [PATCH 2/2] artif: fix supported_os --- artifacts/files/applications/okular.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/artifacts/files/applications/okular.yaml b/artifacts/files/applications/okular.yaml index e2b02a03..01f39d5b 100644 --- a/artifacts/files/applications/okular.yaml +++ b/artifacts/files/applications/okular.yaml @@ -27,7 +27,7 @@ artifacts: exclude_nologin_users: true - description: Collect Okular configuration file (Flatpak version). - supported_os: [linuxsd] + supported_os: [linux] collector: file path: /%user_home%/.var/app name_pattern: ["okularrc"] 
@@ -44,7 +44,7 @@ artifacts: exclude_nologin_users: true - description: Collect Okular configuration file (Snap version). - supported_os: [linuxsd] + supported_os: [linux] collector: file path: /%user_home%/snap name_pattern: ["okularrc"]