dissect.target 3.11.1__py3-none-any.whl → 3.11.2.dev1__py3-none-any.whl

dissect/target/plugins/apps/webhosting/cpanel.py

@@ -0,0 +1,72 @@
+import re
+from datetime import datetime
+from typing import Iterator
+
+from dissect.target.exceptions import UnsupportedPluginError
+from dissect.target.helpers.record import TargetRecordDescriptor
+from dissect.target.plugin import Plugin, export
+
+CPanelLastloginRecord = TargetRecordDescriptor(
+    "application/log/cpanel/lastlogin",
+    [
+        ("datetime", "ts"),
+        ("string", "user"),
+        ("net.ipaddress", "remote_ip"),
+    ],
+)
+
+CPANEL_LASTLOGIN = ".lastlogin"
+CPANEL_LOGS_PATH = "/usr/local/cpanel/logs"
+CPANEL_LASTLOGIN_PATTERN = re.compile(
+    r"([^\s]+) # ([0-9]{4}-[0-9]{2}-[0-9]{2}) ([0-9]{2}:[0-9]{2}:[0-9]{2}) ([+-][0-9]{4})"
+)
+
+
+class CPanelPlugin(Plugin):
+    # TODO: Parse other log files https://support.cartika.com/portal/en/kb/articles/whm-cpanel-log-files-and-locations
+    __namespace__ = "cpanel"
+
+    def check_compatible(self) -> None:
+        if not self.target.fs.path(CPANEL_LOGS_PATH).exists():
+            raise UnsupportedPluginError("No cPanel log path found")
+
+    @export(record=CPanelLastloginRecord)
+    def lastlogin(self) -> Iterator[CPanelLastloginRecord]:
+        """Return the content of the cPanel lastlogin file.
+
+        The lastlogin files tracks successful cPanel interface logons. New logon events are only tracked
+        if the IP-address of the logon changes.
+
+        References:
+            - https://forums.cpanel.net/threads/cpanel-control-panel-last-login-clarification.579221/
+            - https://forums.cpanel.net/threads/lastlogin.707557/
+        """
+        for user_details in self.target.user_details.all_with_home():
+            if (lastlogin := user_details.home_path.joinpath(CPANEL_LASTLOGIN)).exists():
+                try:
+                    for index, line in enumerate(lastlogin.open("rt")):
+                        line = line.strip()
+                        if not line:
+                            continue
+
+                        if events := CPANEL_LASTLOGIN_PATTERN.findall(line):
+                            for event in events:
+                                remote_ip, date, time, utc_offset = event
+
+                                timestamp = datetime.strptime(f"{date} {time} {utc_offset}", "%Y-%m-%d %H:%M:%S %z")
+
+                                yield CPanelLastloginRecord(
+                                    ts=timestamp,
+                                    user=user_details.user.name,
+                                    remote_ip=remote_ip,
+                                    _target=self.target,
+                                )
+                        else:
+                            self.target.log.warning(
+                                "The cPanel lastlogin line number %s is malformed: %s", index + 1, lastlogin
+                            )
+
+                except Exception:
+                    self.target.log.warning(
+                        "An error occurred parsing cPanel lastlogin line number %i in file: %s", index + 1, lastlogin
+                    )

{dissect.target-3.11.1.dist-info → dissect.target-3.11.2.dev1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dissect.target
-Version: 3.11.1
+Version: 3.11.2.dev1
 Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3

{dissect.target-3.11.1.dist-info → dissect.target-3.11.2.dev1.dist-info}/RECORD

@@ -103,6 +103,8 @@ dissect/target/plugins/apps/ssh/openssh.py,sha256=bOtUj_jrie8ncTmtj_cCmFh169i4eW
 dissect/target/plugins/apps/vpns/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/apps/vpns/openvpn.py,sha256=OP2dUIlAdVpMAW9OQycWQpigmemF1AJKIEUVNgTB7HQ,6622
 dissect/target/plugins/apps/vpns/wireguard.py,sha256=LpGwbABhrViMVUJ-QWS1leLHyjwVtIMIp-dzkvarE0c,5773
+dissect/target/plugins/apps/webhosting/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+dissect/target/plugins/apps/webhosting/cpanel.py,sha256=OeFQnu9GmpffIlFyK-AR2Qf8tjyMhazWEAUyccDU5y0,2979
 dissect/target/plugins/apps/webservers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/apps/webservers/apache.py,sha256=tEH65kRDzNnRkn_oy9pjGqzvP82gx-G4ZRVjyjY_rU4,7091
 dissect/target/plugins/apps/webservers/caddy.py,sha256=uwrH1pYkKaaa9GGueyCi2QO_4WT0msvm_ju7Ff3YxuU,6306
@@ -277,10 +279,10 @@ dissect/target/volumes/bde.py,sha256=gYGg5yF9MNARwNzEkrEfZmKkxyZW4rhLkpdnPJCbhGk
 dissect/target/volumes/disk.py,sha256=95grSsPt1BLVpKwTclwQYzPFGKTkFFqapIk0RoGWf38,968
 dissect/target/volumes/lvm.py,sha256=_kIB1mdRs1OFhRgoT4VEP5Fv8imQnI7oQ_ie4x710tQ,1814
 dissect/target/volumes/vmfs.py,sha256=mlAJ8278tYaoRjk1u6tFFlCaDQUrVu5ZZE4ikiFvxi8,1707
-dissect.target-3.11.1.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
-dissect.target-3.11.1.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-dissect.target-3.11.1.dist-info/METADATA,sha256=wudvlAixkld0J1BHVGSJgy_Lt387ycWx6FD-Mhf7W44,10707
-dissect.target-3.11.1.dist-info/WHEEL,sha256=5sUXSg9e4bi7lTLOHcm6QEYwO5TIF1TNbTSVFVjcJcc,92
-dissect.target-3.11.1.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
-dissect.target-3.11.1.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
-dissect.target-3.11.1.dist-info/RECORD,,
+dissect.target-3.11.2.dev1.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
+dissect.target-3.11.2.dev1.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+dissect.target-3.11.2.dev1.dist-info/METADATA,sha256=Bpf8TdpjIStxlBta0fNZO6ytz6f2caTDAgXftEX4pqw,10712
+dissect.target-3.11.2.dev1.dist-info/WHEEL,sha256=5sUXSg9e4bi7lTLOHcm6QEYwO5TIF1TNbTSVFVjcJcc,92
+dissect.target-3.11.2.dev1.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
+dissect.target-3.11.2.dev1.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect.target-3.11.2.dev1.dist-info/RECORD,,