Mac OS 12 - nothing from Files/Shell collected #244
Labels
type: unconfirmed
This doesn't seem right
Comments
Hello there. UAC 2.7.0 is quite old. Can you try the latest version 2.9.1 please? If it does not work, can you provide me the uac.log file?
Also, can you provide the output for the following command, please?
You bet! I did upgrade it after posting the issue and it's at 2.9.1. The
issue still persists.
sudo ./uac -V
UAC (Unix-like Artifacts Collector) 2.9.1
Log file from the latest run is attached with this email.
Listing is provided below:
% ls -la ~
total 88
drwxr-x---+ 22 tsir staff 704 Jul 8 14:16 .
drwxr-xr-x 5 root admin 160 May 23 17:48 ..
…-r-------- 1 tsir staff 7 May 23 17:49 .CFUserTextEncoding
-rw-r--r--@ 1 tsir staff 10244 Jul 8 14:23 .DS_Store
drwx------+ 10 tsir staff 320 Jul 8 14:13 .Trash
-rw-r--r-- 1 tsir staff 635 May 23 19:55 .anyconnect
drwxr-xr-x 3 tsir staff 96 May 23 18:07 .cisco
-rw------- 1 tsir staff 924 Jun 17 08:25 .viminfo
drwxr-xr-x 3 tsir staff 96 May 23 19:57 .vpn
-rw------- 1 tsir staff 5752 Jul 8 14:16 .zsh_history
drwx------ 8 tsir staff 256 Jul 8 14:16 .zsh_sessions
drwx------+ 5 tsir staff 160 Jun 6 16:02 Desktop
drwx------+ 4 tsir staff 128 May 23 21:24 Documents
drwx------+ 9 tsir staff 288 Jul 8 20:18 Downloads
drwx------@ 76 tsir staff 2432 Jun 21 11:03 Library
drwx------ 4 tsir staff 128 May 24 05:51 Movies
drwx------+ 3 tsir staff 96 May 23 17:48 Music
drwx------+ 4 tsir staff 128 May 23 19:03 Pictures
drwxr-x---+ 38 tsir staff 1216 Jul 8 17:32 Public
-rw-r--r-- 1 tsir staff 885 Jul 8 14:12 custom.yaml
-rw-r--r-- 1 tsir staff 626 Jul 8 14:12 filefocus.yaml
-rw-r--r-- 1 tsir staff 353 Jul 8 14:12 twm_test.yaml
Let me know what you find or if you need me to attempt other tests etc.
Thanks
-- Tom M
KN6OKY
On Mon, Jul 8, 2024 at 4:24 PM Thiago Canozzo Lahr ***@***.***> wrote:
Also, can you provide the output for the following command, please?
ls -la ~
I did not receive the log file. Can you send it to [email protected] please?
Absolutely
Tom M
KN6OKY
On Jul 9, 2024, at 11:02, Thiago Canozzo Lahr ***@***.***> wrote:
I did not receive the log file. Can you send it to ***@***.*** please?
Closing this one as it was confirmed that files are being properly collected.
Hey Tclahr, great work with UAC. I like using it but in the past couple weeks while trying it out for Mac OS systems, I noticed trouble getting the shell history, shell session, and shell configuration plugins to collect from Apple Mac OS 12 hosts. I tried a number of command line variations but so far, nothing has produced the expected files in the collection.
An example run:
% sudo ./uac -a files/shell/* --hostname /bin/hostname --debug /tmp
Unix-like Artifacts Collector 2.7.0
Operating System : macos
System Architecture : arm64
Hostname : TSIRs-Virtual-Machine.local
Mount Point : /
Running as : root
Temp Directory : /tmp/uac-data.tmp
Artifacts collection started...
[001/003] 2024-07-08 12:10:30 -0700 files/shell/config.yaml
[002/003] 2024-07-08 12:10:33 -0700 files/shell/history.yaml
[003/003] 2024-07-08 12:10:36 -0700 files/shell/sessions.yaml
As in this example, I was hoping to get those three artifacts collected, but none of them were in the collection archive.
Can you look and confirm? If you like I can send you the debug uac file, just message me as a dm.
Thanks.
TWM