artif: new artifacts

CHANGELOG.md

@@ -28,6 +28,7 @@
 - files/logs/additional_logs.yaml: Artifact was renamed to advanced_log_search.yaml.
 - files/logs/relink.yaml: Added collection of the kernel relink log file [openbsd] ([Herbert-Karl](https://github.com/Herbert-Karl)).
 - files/logs/run_log.yaml: Added collection of /run/log directory.
+- files/packages/pkg_contents.yaml: Updated to collect FreeBSD installed packages database [freebsd] ([Herbert-Karl](https://github.com/Herbert-Karl)).
 - files/system/acct.yaml: Added collection of system accounting files [freebsd, netbsd, openbsd] ([Herbert-Karl](https://github.com/Herbert-Karl)).
 - files/system/dev_db.yaml: Added collection of the database file used for device lookups [netbsd, openbsd] ([Herbert-Karl](https://github.com/Herbert-Karl)).
 - files/system/dev_shm.yaml: Updated to increase max_file_size to 10MB.
@@ -51,6 +52,8 @@
 - live_response/process/strings_running_processes.yaml: Added collection of strings from running processes for ESXi systems [esxi].
 - live_response/process/strings_running_processes.yaml: Added condition to check whether developer tools are installed before running strings on macOS [macos].
 - live_response/process/strings_running_processes.yaml: Added support for collecting strings even when the strings command is unavailable. In such cases, the built-in astrings command will be used instead [all].
+- live_response/storage/btrfs.yaml: Added collection of btrfs mountpoints, subvolumes and snapshots information [linux] ([mnrkbys](https://github.com/mnrkbys)).
+- live_response/system/bpftool.yaml: Added eBPF programs information collection using bpftool [linux] ([mnrkbys](https://github.com/mnrkbys)).
 - live_response/system/hidden_directories.yaml: Updated to remove max_depth limit.
 - live_response/system/hidden_files.yaml: Updated to remove max_depth limit.
 - live_response/system/kernel_tainted_state.yaml: Added collection of dmesg messages showing modules tainting the kernel [linux].

artifacts/files/packages/pkg_contents.yaml

@@ -1,5 +1,10 @@
 version: 2.1
 artifacts:
+  -
+    description: Collect installed packages database.
+    supported_os: [freebsd]
+    collector: file
+    path: /var/db/pkg/local.sqlite
   -
     description: Collect package table of contents files.
     supported_os: [netbsd, openbsd]
@@ -17,8 +22,4 @@ artifacts:
     supported_os: [solaris]
     collector: file
     path: /var/pkg/publisher/*/pkg
-  -
-    description: Collect installed packages database.
-    supported_os: [freebsd]
-    collector: file
-    path: /var/db/pkg/local.sqlite
+

artifacts/live_response/storage/btrfs.yaml

@@ -37,14 +37,6 @@ artifacts:
     foreach: cat "/%temp_directory%/storage/list_of_btrfs_mountpoints.txt"
     command: btrfs subvolume list -a -p -c -u -q -R -d %line%
     output_file: btrfs_subvolumes_list_-a_-p_-c_-u_-q_-R_-d.txt
-  # -
-  #   description: Collect the list of all Btrfs subvolumes.
-  #   supported_os: [linux]
-  #   collector: command
-  #   foreach: cat "/%temp_directory%/storage/list_of_btrfs_mountpoints.txt"
-  #   command: btrfs subvolume list -a %line% | grep -v '<FS_TREE>' | awk -v mp="%line%/" 'NF{print mp$NF; found=1} END{if (!found) print mp}'
-  #   output_directory: /%temp_directory%/storage
-  #   output_file: list_of_btrfs_subvolumes.txt
   -
     description: Show information about mounted Btrfs subvolumes.
     supported_os: [linux]