Merge pull request #27 from jamf/stuartjash_v002
v002 - updates and cleanup
stuartjash authored Aug 30, 2022
2 parents 46cc2f0 + aebdf8e commit 585f8af
Showing 32 changed files with 487 additions and 477 deletions.
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -23,6 +23,7 @@ xcuserdata/
*.xccheckout
*.xcscmblueprint
*.profraw
*.xcscheme

## Obj-C/Swift specific
*.hmap
19 changes: 13 additions & 6 deletions README.md
@@ -1,4 +1,8 @@
# Aftermath
___ ______ __ __
/ | / __/ /____ _________ ___ ____ _/ /_/ /_
/ /| | / /_/ __/ _ \/ ___/ __ `__ \/ __ `/ __/ __ \
/ ___ |/ __/ /_/ __/ / / / / / / / /_/ / /_/ / / /
/_/ |_/_/ \__/\___/_/ /_/ /_/ /_/\__,_/\__/_/ /_/

## About
Aftermath is a Swift-based, open-source incident response framework.
Expand Down Expand Up @@ -62,13 +66,16 @@ sudo aftermath [option1] [option2]
## Help Menu

```
-o or --output -> specify an output location for Aftermath collection results (defaults to /tmp)
usage: -o Users/user/Desktop
--analyze -> Analyze the results of the Aftermath results
--analyze -> analyze the results of the Aftermath results
usage: --analyze <path_to_aftermath_collection_file>
--cleanup -> Remove Aftermath Response Folders
--deep or -d -> Perform a deep scan of the file system for modified and accessed timestamped metadata
--collect-dirs -> specify locations of (space-separated) directories to dump those raw files
usage: --collect-dirs <path_to_dir> <path_to_another_dir>
--deep or -d -> perform a deep scan of the file system for modified and accessed timestamped metadata
WARNING: This will be a time-intensive, memory-consuming scan.
-o or --output -> specify an output location for Aftermath collection results (defaults to /tmp)
usage: -o Users/user/Desktop
--pretty -> colorize Terminal output
--cleanup -> remove Aftermath Response Folders
```

## Contributors
5 changes: 0 additions & 5 deletions aftermath.entitlements

This file was deleted.

18 changes: 10 additions & 8 deletions aftermath.xcodeproj/project.pbxproj
Expand Up @@ -45,6 +45,7 @@
A0E1E3F6275ED2E4008D0DC6 /* NetworkModule.swift in Sources */ = {isa = PBXBuildFile; fileRef = A0E1E3F5275ED2E4008D0DC6 /* NetworkModule.swift */; };
A0E1E3F8275ED35D008D0DC6 /* NetworkConnections.swift in Sources */ = {isa = PBXBuildFile; fileRef = A0E1E3F7275ED35D008D0DC6 /* NetworkConnections.swift */; };
A0E22EF2285CD60A003A411A /* CommonDirectories.swift in Sources */ = {isa = PBXBuildFile; fileRef = A0E22EF1285CD60A003A411A /* CommonDirectories.swift */; };
A0FAEEFE28B94B2C00AC655F /* LogParser.swift in Sources */ = {isa = PBXBuildFile; fileRef = A0FAEEFD28B94B2C00AC655F /* LogParser.swift */; };
A3046F8E27627DAC0069AA21 /* Module.swift in Sources */ = {isa = PBXBuildFile; fileRef = A3046F8D27627DAC0069AA21 /* Module.swift */; };
A3046F902763AE5E0069AA21 /* CaseFiles.swift in Sources */ = {isa = PBXBuildFile; fileRef = A3046F8F2763AE5E0069AA21 /* CaseFiles.swift */; };
A3745358275730870074B65C /* LaunchItems.swift in Sources */ = {isa = PBXBuildFile; fileRef = A3745357275730870074B65C /* LaunchItems.swift */; };
Expand Down Expand Up @@ -93,7 +94,6 @@
A08342D7284E48FC005E437A /* LogFiles.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = LogFiles.swift; sourceTree = "<group>"; };
A0879956275AD2DC00E885BC /* SystemConfig.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SystemConfig.swift; sourceTree = "<group>"; };
A09B239B2848F6050062D592 /* Periodic.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Periodic.swift; sourceTree = "<group>"; };
A0A1AE4B288ADD85004B2BE5 /* aftermathRelease.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = aftermathRelease.entitlements; sourceTree = "<group>"; };
A0C930D328A4318F0011FB87 /* Timeline.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Timeline.swift; sourceTree = "<group>"; };
A0D6D54227F76C58002BB3C8 /* Cron.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Cron.swift; sourceTree = "<group>"; };
A0D6D54627FE147D002BB3C8 /* Overrides.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Overrides.swift; sourceTree = "<group>"; };
Expand All @@ -106,13 +106,13 @@
A0E1E3F5275ED2E4008D0DC6 /* NetworkModule.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = NetworkModule.swift; sourceTree = "<group>"; };
A0E1E3F7275ED35D008D0DC6 /* NetworkConnections.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = NetworkConnections.swift; sourceTree = "<group>"; };
A0E22EF1285CD60A003A411A /* CommonDirectories.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CommonDirectories.swift; sourceTree = "<group>"; };
A0E46B8A288F55A600975EC8 /* aftermath.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = aftermath.entitlements; sourceTree = "<group>"; };
A0FAEEFD28B94B2C00AC655F /* LogParser.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = LogParser.swift; sourceTree = "<group>"; };
A3046F8D27627DAC0069AA21 /* Module.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Module.swift; sourceTree = "<group>"; };
A3046F8F2763AE5E0069AA21 /* CaseFiles.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CaseFiles.swift; sourceTree = "<group>"; };
A3745357275730870074B65C /* LaunchItems.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = LaunchItems.swift; sourceTree = "<group>"; };
A3745359275735B40074B65C /* LoginHooks.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = LoginHooks.swift; sourceTree = "<group>"; };
A374535C2757C1300074B65C /* FileManager.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = FileManager.swift; sourceTree = "<group>"; };
A3A3A3CD274754B400F8F557 /* Readme.md */ = {isa = PBXFileReference; lastKnownFileType = net.daringfireball.markdown; path = Readme.md; sourceTree = "<group>"; };
A3A3A3CD274754B400F8F557 /* README.md */ = {isa = PBXFileReference; lastKnownFileType = net.daringfireball.markdown; path = README.md; sourceTree = "<group>"; };
A3CD4E52274434EE00869ECB /* aftermath */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = aftermath; sourceTree = BUILT_PRODUCTS_DIR; };
A3CD4E55274434EE00869ECB /* Command.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Command.swift; sourceTree = "<group>"; };
/* End PBXFileReference section */
Expand Down Expand Up @@ -228,6 +228,7 @@
A006B5A02882FBA70091FAA1 /* DatabaseParser.swift */,
A0C930D328A4318F0011FB87 /* Timeline.swift */,
A02509F028AD93DA0030D6A7 /* Storyline.swift */,
A0FAEEFD28B94B2C00AC655F /* LogParser.swift */,
);
path = analysis;
sourceTree = "<group>";
Expand Down Expand Up @@ -287,7 +288,7 @@
A029AB132876A01300649701 /* processes */,
70A44401275707800035F40E /* systemRecon */,
8ABB9E2927568E9000C0ADD7 /* unifiedlogs */,
A3A3A3CD274754B400F8F557 /* Readme.md */,
A3A3A3CD274754B400F8F557 /* README.md */,
A3CD4E53274434EE00869ECB /* Products */,
);
sourceTree = "<group>";
Expand All @@ -303,8 +304,6 @@
A3CD4E54274434EE00869ECB /* aftermath */ = {
isa = PBXGroup;
children = (
A0E46B8A288F55A600975EC8 /* aftermath.entitlements */,
A0A1AE4B288ADD85004B2BE5 /* aftermathRelease.entitlements */,
A3CD4E55274434EE00869ECB /* Command.swift */,
8ABB9E302756D2B500C0ADD7 /* Aftermath.swift */,
A3046F8D27627DAC0069AA21 /* Module.swift */,
Expand Down Expand Up @@ -383,6 +382,7 @@
A3CD4E56274434EE00869ECB /* Command.swift in Sources */,
A0C2E89728AAAE33008FA597 /* ProcLib.h in Sources */,
A3745358275730870074B65C /* LaunchItems.swift in Sources */,
A0FAEEFE28B94B2C00AC655F /* LogParser.swift in Sources */,
A05BF3BD284FF8C0009E197B /* FileSystemModule.swift in Sources */,
A0E22EF2285CD60A003A411A /* CommonDirectories.swift in Sources */,
A3046F902763AE5E0069AA21 /* CaseFiles.swift in Sources */,
Expand Down Expand Up @@ -461,6 +461,7 @@
CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE;
CLANG_WARN_UNREACHABLE_CODE = YES;
CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
CODE_SIGN_INJECT_BASE_ENTITLEMENTS = YES;
COPY_PHASE_STRIP = NO;
DEBUG_INFORMATION_FORMAT = dwarf;
ENABLE_HARDENED_RUNTIME = YES;
Expand Down Expand Up @@ -523,6 +524,7 @@
CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE;
CLANG_WARN_UNREACHABLE_CODE = YES;
CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
CODE_SIGN_INJECT_BASE_ENTITLEMENTS = YES;
COPY_PHASE_STRIP = NO;
DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
ENABLE_HARDENED_RUNTIME = YES;
Expand Down Expand Up @@ -550,8 +552,8 @@
buildSettings = {
ARCHS = "$(ARCHS_STANDARD)";
CLANG_ENABLE_MODULES = YES;
CODE_SIGN_ENTITLEMENTS = aftermath/aftermath.entitlements;
CODE_SIGN_IDENTITY = "Developer ID Application";
CODE_SIGN_INJECT_BASE_ENTITLEMENTS = YES;
CODE_SIGN_STYLE = Manual;
DEVELOPMENT_TEAM = 6PV5YF2UES;
ENABLE_HARDENED_RUNTIME = YES;
Expand All @@ -576,8 +578,8 @@
buildSettings = {
ARCHS = "$(ARCHS_STANDARD)";
CLANG_ENABLE_MODULES = YES;
CODE_SIGN_ENTITLEMENTS = aftermath/aftermathRelease.entitlements;
CODE_SIGN_IDENTITY = "Developer ID Application";
CODE_SIGN_INJECT_BASE_ENTITLEMENTS = YES;
CODE_SIGN_STYLE = Manual;
DEVELOPMENT_TEAM = 6PV5YF2UES;
ENABLE_HARDENED_RUNTIME = YES;
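Review bot: `CODE_SIGN_INJECT_BASE_ENTITLEMENTS = YES;` in the two target configurations signed with `CODE_SIGN_IDENTITY = "Developer ID Application"` (the last two hunks of this section) risks producing a distributable binary that carries the debug entitlement `com.apple.security.get-task-allow`, which lets a debugger attach despite `ENABLE_HARDENED_RUNTIME = YES` and is rejected by notarization. That matters for a tool the README tells responders to run with `sudo`. I would set `CODE_SIGN_INJECT_BASE_ENTITLEMENTS = NO;` in the second target configuration (apparently Release, judging by the `aftermathRelease.entitlements` line beside it), and check the shipped artifact with `codesign -d --entitlements - <path-to-built-aftermath-binary>`. The +/- markers are lost on this page and the deleted entitlements files are not shown, so it is only inferred that the `CODE_SIGN_ENTITLEMENTS` lines are the removed side; please confirm that no entitlement the collectors depend on went away with them.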

This file was deleted.

This file was deleted.
