extending data collection on solaris

[sec-hbaer]

While using UAC on Solaris, I found some data was not covered yet:

• script files that are run by services (using the service management facility of solaris)
• config files for services (using the service management facility of solaris)
• config files of the link-editor (ld)
• information on installed packages
  • there is an artifact for this already, but it doesnt cover what we normally consider as packages
• information files of installed packages (containing metadata of the package, changes to the system and checksums+metadata of files that are added by the package)
• files around logins to the system

I also noticed that the bodyfile with a depth of 6 does not cover all files that are normally on a solaris system. E. g. the pkg content files have a depth of seven on the file system. I did not propose a change to the depth limit, as Im unsure as to why it was introduced in the beginning.

I added artifact collection files and modified some existing ones to cover such data. I tested it successfully on a Solaris version 11.4

If needed, I can provide a uac collection archive with the new artifacts / changes for review :)

[tclahr]

Awesome! Concerning the max_depth limit in bodyfile, that was added as bodyfile creation was taking too long to run on some systems such as macos. I changed the code completely on uac v3, so that limitation will be removed when v3 is released (in the next months).