diff --git a/artifacts/files/packages/packages.yaml b/artifacts/files/packages/packages.yaml
new file mode 100644
index 00000000..9c96b339
--- /dev/null
+++ b/artifacts/files/packages/packages.yaml
@@ -0,0 +1,9 @@
+version: 1.0
+artifacts:
+ -
+ description: Collect package table of contents files.
+ supported_os: [openbsd]
+ collector: file
+ path: /var/db/pkg
+ path_pattern: ["*/+CONTENTS"]
+
diff --git a/artifacts/files/system/xsession_errors.yaml b/artifacts/files/system/xsession_errors.yaml
index 02d6504f..07d36f27 100644
--- a/artifacts/files/system/xsession_errors.yaml
+++ b/artifacts/files/system/xsession_errors.yaml
@@ -2,8 +2,8 @@ version: 1.0
 artifacts:
 -
 description: Collect xsession errors file. This is the error log produced by X window system.
- supported_os: [linux]
+ supported_os: [linux, openbsd]
 collector: file
 path: /%user_home%/.xsession-errors
 exclude_nologin_users: true
-
\ No newline at end of file
+
diff --git a/artifacts/live_response/network/ndp.yaml b/artifacts/live_response/network/ndp.yaml
new file mode 100644
index 00000000..d7378459
--- /dev/null
+++ b/artifacts/live_response/network/ndp.yaml
@@ -0,0 +1,8 @@
+version: 1.0
+artifacts:
+ -
+ description: Collect the kernel's IPv6 network neighbour cache.
+ supported_os: [freebsd, netbsd, openbsd]
+ collector: command
+ command: ndp -a
+ output_file: ndp_-a.txt
diff --git a/artifacts/live_response/network/netstat.yaml b/artifacts/live_response/network/netstat.yaml
index 66d7760e..f70fc35e 100644
--- a/artifacts/live_response/network/netstat.yaml
+++ b/artifacts/live_response/network/netstat.yaml
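Review bot: The description in packages.yaml (`Collect package table of contents files.`) does not say what the collected files are for or how far they can be trusted. On OpenBSD each `+CONTENTS` file is the packing list of an installed package and, as far as I know, records per-file checksums, which makes it the reference an analyst would use to check installed files. It is also writable by root on the examined host, so it should be compared with the package from a trusted mirror rather than taken as ground truth. I would expand the description to something like `Collect package packing lists (+CONTENTS), which record the files and checksums of every installed package.` packages.yaml and vmctl.yaml both end with an empty line that ndp.yaml in this commit does not have.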
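Review bot: `ndp -a` in ndp.yaml is collected only in its name-resolving form, unlike netstat.yaml in this commit, which pairs `netstat -a` with `netstat -an` and `netstat -r` with `netstat -rn`. Without `-n`, ndp tries to resolve each neighbour address to a hostname, which sends DNS queries from the system under examination and can stall collection when the resolver is unreachable. I would add a second entry, identical apart from `command: ndp -an` and `output_file: ndp_-an.txt`, with a description that mentions numerical addresses.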
@@ -2,31 +2,31 @@ version: 2.0
 artifacts:
 -
 description: Collect both listening and non-listening (for TCP this means established connections) sockets.
- supported_os: [android, aix, freebsd, linux, openbsd, netbsd, netscaler, openbsd, solaris]
+ supported_os: [android, aix, freebsd, linux, netbsd, netscaler, openbsd, solaris]
 collector: command
 command: netstat -a
 output_file: netstat_-a.txt
 -
 description: Collect both listening and non-listening (for TCP this means established connections) sockets with numerical addresses instead of trying to determine symbolic host, port or user names.
- supported_os: [android, aix, freebsd, linux, openbsd, netbsd, netscaler, openbsd, solaris]
+ supported_os: [android, aix, freebsd, linux, netbsd, netscaler, openbsd, solaris]
 collector: command
 command: netstat -an
 output_file: netstat_-an.txt
 -
 description: Collect a table of all network interfaces.
- supported_os: [android, aix, freebsd, linux, openbsd, netbsd, netscaler, openbsd, solaris]
+ supported_os: [android, aix, freebsd, linux, netbsd, netscaler, openbsd, solaris]
 collector: command
 command: netstat -i
 output_file: netstat_-i.txt
 -
 description: Collect the kernel routing tables.
- supported_os: [android, aix, freebsd, linux, openbsd, netbsd, netscaler, openbsd, solaris]
+ supported_os: [android, aix, freebsd, linux, netbsd, netscaler, openbsd, solaris]
 collector: command
 command: netstat -r
 output_file: netstat_-r.txt
 -
 description: Collect the kernel routing tables with numerical addresses instead of trying to determine symbolic host, port or user names.
- supported_os: [android, aix, freebsd, linux, openbsd, netbsd, netscaler, openbsd, solaris]
+ supported_os: [android, aix, freebsd, linux, netbsd, netscaler, openbsd, solaris]
 collector: command
 command: netstat -rn
 output_file: netstat_-rn.txt
@@ -59,4 +59,4 @@ artifacts:
 supported_os: [android, linux]
 collector: command
 command: netstat -lpeanut
- output_file: netstat_-lpeanut.txt
\ No newline at end of file
+ output_file: netstat_-lpeanut.txt
diff --git a/artifacts/live_response/vms/vmctl.yaml b/artifacts/live_response/vms/vmctl.yaml
new file mode 100644
index 00000000..e8548101
--- /dev/null
+++ b/artifacts/live_response/vms/vmctl.yaml
@@ -0,0 +1,9 @@
+version: 1.0
+artifacts:
+ -
+ description: List running virtual machines on this system.
+ supported_os: [openbsd]
+ collector: command
+ command: vmctl status
+ output_file: vmctl_status.txt
+
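Review bot: The description `List running virtual machines on this system.` in vmctl.yaml is narrower than what `vmctl status` prints: as far as I know, without `-r` it lists every VM that vmd knows about together with its state, stopped ones included. For triage that distinction matters, since a stopped or recently terminated guest is still a lead. I would reword it to `description: List virtual machines known to vmd and their state.`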