tclahr / uac

UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.
https://tclahr.github.io/uac-docs
Apache License 2.0
739 stars 114 forks

Duplicate artifacts in sys_modules.yaml and kernel_modules.yaml #261

Closed mnrkbys closed 1 month ago

mnrkbys commented 1 month ago

sys_modules.yaml has the following artifact:

  -
    description: List loaded kernel modules.
    supported_os: [linux]
    collector: command
    command: ls -l -a /sys/module
    output_file: ls_-l_-a_sys_module.txt

However, kernel_modules.yaml has the same:

  -
    description: Display the loaded kernel modules (compare with /proc/modules).
    supported_os: [linux]
    collector: command
    command: ls -la /sys/module
    output_file: ls_-la_sys_module.txt

It might be better to unify them into one.

tclahr commented 1 month ago

Confirmed. I will keep kernel_modules.yaml and remove sys_modules.yaml.

tclahr commented 1 month ago

Merged in PR #263
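A way to catch this kind of duplicate before it ships, as an added example that is not part of the original thread or of the UAC project's code: it extracts `command:` lines from artifact files and compares them after normalising short-flag grouping, so `ls -l -a` and `ls -la` collide. The function names and the flag heuristic are assumptions of this sketch, and the sample input is built from the two entries quoted in the issue.

```python
import re
import shlex
from collections import defaultdict

# Constructed sample input: the two entries quoted in the issue, keyed by file name.
ARTIFACTS = {
    "sys_modules.yaml": """\
  -
    description: List loaded kernel modules.
    supported_os: [linux]
    collector: command
    command: ls -l -a /sys/module
    output_file: ls_-l_-a_sys_module.txt
""",
    "kernel_modules.yaml": """\
  -
    description: Display the loaded kernel modules (compare with /proc/modules).
    supported_os: [linux]
    collector: command
    command: ls -la /sys/module
    output_file: ls_-la_sys_module.txt
""",
}

# Matches only lines whose key is "command:", not "collector: command".
COMMAND_RE = re.compile(r"^\s*command:\s*(.+?)\s*$", re.MULTILINE)

def normalize(command):
    """Key that is equal for commands differing only in how short flags
    are grouped or ordered. Heuristic: results are candidates for review."""
    tokens = shlex.split(command)
    flags, rest = set(), []
    for tok in tokens[1:]:
        if re.fullmatch(r"-[A-Za-z]+", tok):
            flags.update(tok[1:])      # "-la" and "-l -a" both give {l, a}
        else:
            rest.append(tok)
    return (tokens[0], "".join(sorted(flags)), tuple(rest))

def find_duplicates(artifacts):
    """Map normalized command -> [(file, original command)] when seen more than once."""
    seen = defaultdict(list)
    for name, text in artifacts.items():
        for cmd in COMMAND_RE.findall(text):
            seen[normalize(cmd)].append((name, cmd))
    return {key: hits for key, hits in seen.items() if len(hits) > 1}

if __name__ == "__main__":
    for key, hits in find_duplicates(ARTIFACTS).items():
        print(key, "->", hits)
```

Duplicate collection is harmless to evidence integrity but adds run time and output volume on the target host, which is why a check like this fits in CI for the artifact definitions.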