Update volatile profiles

fox-it · Nov 16, 2023 · 4013015 · 4013015
1 parent 14ed79a
commit 4013015
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 7 deletions.
diff --git a/acquire/acquire.py b/acquire/acquire.py
@@ -1813,14 +1813,14 @@ def acquire_target_targetd(target: Target, args: argparse.Namespace, output_ts:
     return files
 
 
-def _add_modules_for_profile(choice: str, operating_system: str, profile: dict, msg: str):
+def _add_modules_for_profile(choice: str, operating_system: str, profile: dict, msg: str) -> Optional[dict]:
     modules_selected = dict()
 
     if choice and choice != "none":
         profile_dict = profile[choice]
         if operating_system not in profile_dict:
             log.error(msg, operating_system, choice)
-            return {}
+            return None
 
         for mod in profile_dict[operating_system]:
             modules_selected[mod.__modname__] = mod
@@ -1902,12 +1902,12 @@ def acquire_target_regular(target: Target, args: argparse.Namespace, output_ts:
         args.volatile, target.os, VOLATILE, "No collection set for OS %s with volatile profile %s"
     )
 
+    if (profile_modules or volatile_modules) is None:
+        return files
+
     modules_selected.update(profile_modules)
     modules_selected.update(volatile_modules)
 
-    if not (profile_modules or volatile_modules):
-        return files
-
     log.info("Modules selected: %s", ", ".join(sorted(modules_selected)))
 
     local_only_modules = {name: module for name, module in modules_selected.items() if hasattr(module, "__local__")}
@@ -2180,12 +2180,19 @@ class VolatileProfile:
 
 
 VOLATILE = {
-    "default": {"windows": VolatileProfile.DEFAULT},
+    "default": {
+        "windows": VolatileProfile.DEFAULT,
+        "linux": [],
+        "bsd": [],
+        "esxi": [],
+        "osx": [],
+    },
     "extensive": {
         "windows": VolatileProfile.DEFAULT,
         "linux": VolatileProfile.EXTENSIVE,
         "bsd": VolatileProfile.EXTENSIVE,
         "esxi": VolatileProfile.EXTENSIVE,
+        "osx": [],
     },
     "none": None,
 }

diff --git a/acquire/utils.py b/acquire/utils.py
@@ -108,7 +108,7 @@ def create_argument_parser(profiles: dict, volatile: dict, modules: dict) -> arg
     parser.add_argument("-l", "--log", type=Path, help="log directory location")
     parser.add_argument("--no-log", action="store_true", help=argparse.SUPPRESS)
     parser.add_argument("-p", "--profile", choices=profiles.keys(), help="collection profile")
-    parser.add_argument("--volatile", choices=volatile.keys(), help="volatile profile")
+    parser.add_argument("--volatile", choices=volatile.keys(), default="none", help="volatile profile")
 
     parser.add_argument("-f", "--file", action="append", help="acquire file")
     parser.add_argument("-d", "--directory", action="append", help="acquire directory recursively")