Description of problem:
The current setup with volatility leaves a lot to the user to configure. I was thinking that a few changes could be made:

1) ship a /etc/volatilityrc file
2) create /etc/volatility.d/
3) ship module.c in the docs directory
4) ship a utility that creates a profile from current installation
5) add a man page documenting where plugins & profiles go

I have some of these already. I am considering adding libvmi to Fedora, which contains a plugin for volatility. So, standardizing some of this would be helpful.

Created attachment 918782: volatility resource configuration file

Assuming /etc/volatility.d/ is acceptable, the attached file should work.
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle. Changing version to '22'. More information and reason for this action is here: https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22
Things are possibly a bit different with 2.5, and I hope it is better.

>1) ship a /etc/volatilityrc file

Probably not needed - configuration works with the built-in defaults.

>2) create /etc/volatility.d/

Plugins are in the python site packages.
Maybe I do not understand what you want to put in /etc/volatility.d/

>3) ship module.c in the docs directory

It is in /usr/share/python-volatility/tools/linux in the 2.5 package (rawhide, fc24). I will push the update to fc23/epel7.

>4) ship a utility that creates a profile from current installation

I do have vol_genprofile in the 2.5 package (rawhide, fc24). I will push the update to fc23/epel7.

>5) add a man page documenting where plugins & profiles go

I have added the Debian manpage modified for Fedora.

> >2) create /etc/volatility.d/
> Plugins are in the python site packages.
> Maybe I do not understand what you want to put in /etc/volatility.d/

There are 3rd party modules that people might want to install. That is unless you've packaged more than just volatility. Also, do we have lime or some other way of getting memory dumps?
python-volatility-2.5.0-7.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-578e66ffeb
python-volatility-2.5.0-7.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-1fe917cc79
python-volatility-2.5.0-7.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-275852c853
python-volatility-2.5.0-7.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2016-6a17942d55
>Also, do we have lime or some other way of getting memory dumps?

Lime module is not included ... I believe that Lime should go to a separate package.
python-volatility-2.5.0-7.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-6a17942d55
python-volatility-2.5.0-7.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-275852c853
python-volatility-2.5.0-7.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-578e66ffeb
python-volatility-2.5.0-7.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-1fe917cc79
python-volatility-2.5.0-7.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
python-volatility-2.5.0-7.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
python-volatility-2.5.0-7.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.