From b48d44b0aa3e4a6a1542253a32474b774a776e68 Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Wed, 30 Aug 2023 09:06:47 -0400 Subject: [PATCH 01/15] update source tags --- snap/snapcraft.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index d32596b9ee..794b657f6c 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -119,8 +119,7 @@ parts: # more information on plugins here: https://snapcraft.io/docs/supported-plugins plugin: autotools source: https://github.com/sleuthkit/sleuthkit.git - source-branch: develop - #source-tag: sleuthkit-4.12.0 + source-tag: sleuthkit-4.12.1 build-environment: [JAVA_HOME: /usr/lib/jvm/java-17-openjdk-amd64] # information on packages here: https://snapcraft.io/docs/package-repositories build-packages: @@ -174,7 +173,7 @@ parts: - lsof plugin: nil source: https://github.com/sleuthkit/autopsy.git - source-branch: develop + source-tag: autopsy-4.21.0 build-environment: - JAVA_HOME: /usr/lib/jvm/java-17-openjdk-amd64 - TSK_JAVA_LIB_PATH: $SNAPCRAFT_STAGE/usr/local/share/java From 7349b7555a6e500d972cba5745aae98c2384cc4f Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Wed, 30 Aug 2023 09:23:53 -0400 Subject: [PATCH 02/15] update version --- snap/snapcraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 794b657f6c..7e36d38b93 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -22,7 +22,7 @@ name: autopsy # more on base snaps here: https://snapcraft.io/docs/base-snaps # core is based on corresponding ubuntu version. ubuntu version information can be found here: https://wiki.ubuntu.com/Releases base: core22 -version: 4.20.0 +version: 4.21.0 summary: A graphical interface to The Sleuth Kit and other digital forensics tools. # 79 char long summary description: Autopsy is a graphical interface to The Sleuth Kit and other open source digital forensics tools. source-code: https://github.com/sleuthkit/autopsy/ From 3c1953238585b0e23cbd9aa7c53ca296adae8d2f Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Wed, 30 Aug 2023 09:27:03 -0400 Subject: [PATCH 03/15] just build-zip --- snap/snapcraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 7e36d38b93..039e7f273d 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -185,7 +185,7 @@ parts: AUTOPSY_PLATFORM_PATH="$AUTOPSY_SRC_PATH/netbeans-plat/$NETBEANS_PLAT_VER" AUTOPSY_HARNESS_PATH="$AUTOPSY_PLATFORM_PATH/harness" export TSK_HOME="$HOME/parts/sleuthkit/build" - ant -Dnbplatform.active.dir="$AUTOPSY_PLATFORM_PATH" -Dnbplatform.default.harness.dir="$AUTOPSY_HARNESS_PATH" build build-zip + ant -Dnbplatform.active.dir="$AUTOPSY_PLATFORM_PATH" -Dnbplatform.default.harness.dir="$AUTOPSY_HARNESS_PATH" build-zip # ----- SETUP EXTRACT DIRECTORY ----- AUTOPSY_LOCATION="$SNAPCRAFT_PART_INSTALL/autopsy" From ae99e3fffb9d5eb9e09123988dfca6c5de3029e7 Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Tue, 5 Sep 2023 10:45:06 -0400 Subject: [PATCH 04/15] add title to snapcraft --- snap/snapcraft.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 039e7f273d..c5c59749e0 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -19,6 +19,7 @@ # yaml reference here: https://snapcraft.io/docs/snapcraft-yaml-reference # sample yaml files here: https://github.com/videolan/vlc/blob/master/extras/package/snap/snapcraft.yaml, https://github.com/canonical/firefox-snap/blob/stable/snapcraft.yaml name: autopsy +title: Autopsy # more on base snaps here: https://snapcraft.io/docs/base-snaps # core is based on corresponding ubuntu version. ubuntu version information can be found here: https://wiki.ubuntu.com/Releases base: core22 From 64e112d7488bdb3da24e3f2a48b6c05c50c51081 Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Thu, 7 Sep 2023 15:26:04 -0400 Subject: [PATCH 05/15] remove browser-sandbox --- snap/snapcraft.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index c5c59749e0..bbbb3b9b17 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -39,7 +39,7 @@ compression: lzo icon: snap/gui/autopsy.png plugs: - system-files-autopsy: + system-files-dev: interface: system-files read: [/dev] system-files-hugepages: @@ -89,7 +89,6 @@ apps: # taken from https://snapcraft.io/docs/supported-interfaces - audio-playback - block-devices - - browser-sandbox - desktop - desktop-launch - desktop-legacy @@ -109,7 +108,7 @@ apps: - opengl - optical-drive - removable-media - - system-files-autopsy + - system-files-dev - system-files-hugepages - system-observe slots: From 4c479186c12fa740ef3595ccead69f82404da707 Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Mon, 11 Sep 2023 07:33:29 -0400 Subject: [PATCH 06/15] readme update --- Running_Linux_OSX.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Running_Linux_OSX.md b/Running_Linux_OSX.md index c35ca091e0..9399414051 100644 --- a/Running_Linux_OSX.md +++ b/Running_Linux_OSX.md @@ -1,5 +1,8 @@ # Overview -When installing on Debian-based Linux or macOS systems, there are three general steps: [installing prerequisites](#installing-prerequisites), [installing The Sleuth Kit](#installing-the-sleuth-kit), and [installing Autopsy](#installing-autopsy) itself. On macOS, you will want to [setup the JNA paths](#setup-macos-jna-paths). +For Linux systems that [support snapd](https://snapcraft.io/docs/installing-snapd), there is currently the option to install Autopsy from the [snap package]($install-autopsy-snap). Otherwise, when installing on Debian-based Linux or macOS systems, there are three general steps: [installing prerequisites](#installing-prerequisites), [installing The Sleuth Kit](#installing-the-sleuth-kit), and [installing Autopsy](#installing-autopsy) itself. On macOS, you will want to [setup the JNA paths](#setup-macos-jna-paths). + +# Install Autopsy Snap +You can download the snap package from the [releases section](https://github.com/sleuthkit/autopsy/releases) or directly from the [snap store](https://snapcraft.io/autopsy). In order for Autopsy to run properly, snap connections will need to be properly setup, which can be done by running this script: `snap connections autopsy | sed -nE 's/^[^ ]* *([^ ]*) *- *- *$/\1/p' | xargs -I{} sudo snap connect {}`. See the [snap README](./snap/README.md) for more information. # Installing Prerequisites - **Linux**: Run [`linux_macos_install_scripts/install_prereqs_ubuntu.sh`](./linux_macos_install_scripts/install_prereqs_ubuntu.sh). From 270d81e83ec10a1e0793ea23838ced6b9f9e9415 Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Mon, 11 Sep 2023 08:21:26 -0400 Subject: [PATCH 07/15] doc update --- Running_Linux_OSX.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Running_Linux_OSX.md b/Running_Linux_OSX.md index 9399414051..881e8e9467 100644 --- a/Running_Linux_OSX.md +++ b/Running_Linux_OSX.md @@ -1,5 +1,5 @@ # Overview -For Linux systems that [support snapd](https://snapcraft.io/docs/installing-snapd), there is currently the option to install Autopsy from the [snap package]($install-autopsy-snap). Otherwise, when installing on Debian-based Linux or macOS systems, there are three general steps: [installing prerequisites](#installing-prerequisites), [installing The Sleuth Kit](#installing-the-sleuth-kit), and [installing Autopsy](#installing-autopsy) itself. On macOS, you will want to [setup the JNA paths](#setup-macos-jna-paths). +For Linux systems that [support snapd](https://snapcraft.io/docs/installing-snapd), there is currently the option to install Autopsy from the [snap package](#install-autopsy-snap). Otherwise, when installing on Debian-based Linux or macOS systems, there are three general steps: [installing prerequisites](#installing-prerequisites), [installing The Sleuth Kit](#installing-the-sleuth-kit), and [installing Autopsy](#installing-autopsy) itself. On macOS, you will want to [setup the JNA paths](#setup-macos-jna-paths). # Install Autopsy Snap You can download the snap package from the [releases section](https://github.com/sleuthkit/autopsy/releases) or directly from the [snap store](https://snapcraft.io/autopsy). In order for Autopsy to run properly, snap connections will need to be properly setup, which can be done by running this script: `snap connections autopsy | sed -nE 's/^[^ ]* *([^ ]*) *- *- *$/\1/p' | xargs -I{} sudo snap connect {}`. See the [snap README](./snap/README.md) for more information. From 68e360b5c6270081c5a425cb439a8298dbe8eafe Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Mon, 11 Sep 2023 15:42:10 -0400 Subject: [PATCH 08/15] show warning if insufficient memory --- .../org/sleuthkit/autopsy/core/Installer.java | 47 +++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/Core/src/org/sleuthkit/autopsy/core/Installer.java b/Core/src/org/sleuthkit/autopsy/core/Installer.java index 24c40e9967..662759f800 100644 --- a/Core/src/org/sleuthkit/autopsy/core/Installer.java +++ b/Core/src/org/sleuthkit/autopsy/core/Installer.java @@ -20,8 +20,10 @@ package org.sleuthkit.autopsy.core; import com.sun.jna.platform.win32.Kernel32; import java.awt.Cursor; +import java.awt.GraphicsEnvironment; import java.io.File; import java.io.IOException; +import java.lang.management.ManagementFactory; import java.nio.file.Path; import java.nio.file.Paths; import java.util.ArrayList; @@ -34,6 +36,7 @@ import java.util.logging.Level; import javafx.application.Platform; import javafx.embed.swing.JFXPanel; import javax.imageio.ImageIO; +import javax.swing.JOptionPane; import net.sf.sevenzipjbinding.SevenZip; import net.sf.sevenzipjbinding.SevenZipNativeInitializationException; import org.apache.commons.io.FileUtils; @@ -41,6 +44,7 @@ import org.apache.commons.lang3.StringUtils; import org.openide.modules.InstalledFileLocator; import org.openide.modules.ModuleInstall; import org.openide.util.NbBundle; +import org.openide.util.NbBundle.Messages; import org.openide.windows.WindowManager; import org.sleuthkit.autopsy.actions.IngestRunningCheck; import org.sleuthkit.autopsy.casemodule.Case; @@ -373,6 +377,7 @@ public class Installer extends ModuleInstall { @Override public void restored() { super.restored(); + checkMemoryAvailable(); ensurePythonModulesFolderExists(); ensureClassifierFolderExists(); ensureOcrLanguagePacksFolderExists(); @@ -392,6 +397,48 @@ public class Installer extends ModuleInstall { preloadTranslationServices(); } + /** + * Checks system resources logging any potential issues. + */ + @Messages({ + "Installer_checkMemoryAvailable_physicalRamExpected_title=System Does Not Meet Requirements", + "# {0} - physicalMemory", + "Installer_checkMemoryAvailable_physicalRamExpected_desc=Physical memory: {0}, is less than the 8GB required. Some aspects of the application may not work as expected.", + "Installer_checkMemoryAvailable_maxMemExpected_title=System Does Not Meet Requirements", + "# {0} - maxMemory", + "Installer_checkMemoryAvailable_maxMemExpected_desc=Maximum JVM memory: {0}, is less than the 2GB required. Some aspects of the application may not work as expected." + }) + private void checkMemoryAvailable() { + long memorySize = ((com.sun.management.OperatingSystemMXBean) ManagementFactory + .getOperatingSystemMXBean()).getTotalMemorySize(); + if (memorySize < 8_000_000) { + String desc = Bundle.Installer_checkMemoryAvailable_physicalRamExpected_desc(FileUtils.byteCountToDisplaySize(memorySize)); + + logger.log(Level.SEVERE, desc); + if (!GraphicsEnvironment.isHeadless() && RuntimeProperties.runningWithGUI()) { + JOptionPane.showMessageDialog(WindowManager.getDefault().getMainWindow(), + "" + desc + "", + Bundle.Installer_checkMemoryAvailable_physicalRamExpected_title(), + JOptionPane.WARNING_MESSAGE); + } + return; + } + + long maxMemory = Runtime.getRuntime().maxMemory(); + if (maxMemory < 2_000_000) { + String desc = Bundle.Installer_checkMemoryAvailable_maxMemExpected_desc(FileUtils.byteCountToDisplaySize(maxMemory)); + + logger.log(Level.SEVERE, desc); + if (!GraphicsEnvironment.isHeadless() && RuntimeProperties.runningWithGUI()) { + JOptionPane.showMessageDialog(WindowManager.getDefault().getMainWindow(), + "" + desc + "", + Bundle.Installer_checkMemoryAvailable_maxMemExpected_title(), + JOptionPane.WARNING_MESSAGE); + } + return; + } + } + /** * Initializes 7zip-java bindings. We are performing initialization once * because we encountered issues related to file locking when initialization From 6478dde7073de29fa5abad3e71295a7deb38008d Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Mon, 11 Sep 2023 20:01:53 -0400 Subject: [PATCH 09/15] just logging --- .../org/sleuthkit/autopsy/core/Installer.java | 24 ++++--------------- 1 file changed, 4 insertions(+), 20 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/core/Installer.java b/Core/src/org/sleuthkit/autopsy/core/Installer.java index 662759f800..935966adc6 100644 --- a/Core/src/org/sleuthkit/autopsy/core/Installer.java +++ b/Core/src/org/sleuthkit/autopsy/core/Installer.java @@ -401,10 +401,8 @@ public class Installer extends ModuleInstall { * Checks system resources logging any potential issues. */ @Messages({ - "Installer_checkMemoryAvailable_physicalRamExpected_title=System Does Not Meet Requirements", "# {0} - physicalMemory", "Installer_checkMemoryAvailable_physicalRamExpected_desc=Physical memory: {0}, is less than the 8GB required. Some aspects of the application may not work as expected.", - "Installer_checkMemoryAvailable_maxMemExpected_title=System Does Not Meet Requirements", "# {0} - maxMemory", "Installer_checkMemoryAvailable_maxMemExpected_desc=Maximum JVM memory: {0}, is less than the 2GB required. Some aspects of the application may not work as expected." }) @@ -412,30 +410,16 @@ public class Installer extends ModuleInstall { long memorySize = ((com.sun.management.OperatingSystemMXBean) ManagementFactory .getOperatingSystemMXBean()).getTotalMemorySize(); if (memorySize < 8_000_000) { - String desc = Bundle.Installer_checkMemoryAvailable_physicalRamExpected_desc(FileUtils.byteCountToDisplaySize(memorySize)); - + String desc = Bundle.Installer_checkMemoryAvailable_physicalRamExpected_desc( + FileUtils.byteCountToDisplaySize(memorySize)); logger.log(Level.SEVERE, desc); - if (!GraphicsEnvironment.isHeadless() && RuntimeProperties.runningWithGUI()) { - JOptionPane.showMessageDialog(WindowManager.getDefault().getMainWindow(), - "" + desc + "", - Bundle.Installer_checkMemoryAvailable_physicalRamExpected_title(), - JOptionPane.WARNING_MESSAGE); - } - return; } long maxMemory = Runtime.getRuntime().maxMemory(); if (maxMemory < 2_000_000) { - String desc = Bundle.Installer_checkMemoryAvailable_maxMemExpected_desc(FileUtils.byteCountToDisplaySize(maxMemory)); - + String desc = Bundle.Installer_checkMemoryAvailable_maxMemExpected_desc( + FileUtils.byteCountToDisplaySize(maxMemory)); logger.log(Level.SEVERE, desc); - if (!GraphicsEnvironment.isHeadless() && RuntimeProperties.runningWithGUI()) { - JOptionPane.showMessageDialog(WindowManager.getDefault().getMainWindow(), - "" + desc + "", - Bundle.Installer_checkMemoryAvailable_maxMemExpected_title(), - JOptionPane.WARNING_MESSAGE); - } - return; } } From 5ad95a9e7144306e18491f0831565dd6c657b8ca Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Tue, 12 Sep 2023 08:51:41 -0400 Subject: [PATCH 10/15] add in catch --- .../org/sleuthkit/autopsy/core/Installer.java | 30 ++++++++++++------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/core/Installer.java b/Core/src/org/sleuthkit/autopsy/core/Installer.java index 935966adc6..c3b44d324b 100644 --- a/Core/src/org/sleuthkit/autopsy/core/Installer.java +++ b/Core/src/org/sleuthkit/autopsy/core/Installer.java @@ -407,19 +407,27 @@ public class Installer extends ModuleInstall { "Installer_checkMemoryAvailable_maxMemExpected_desc=Maximum JVM memory: {0}, is less than the 2GB required. Some aspects of the application may not work as expected." }) private void checkMemoryAvailable() { - long memorySize = ((com.sun.management.OperatingSystemMXBean) ManagementFactory - .getOperatingSystemMXBean()).getTotalMemorySize(); - if (memorySize < 8_000_000) { - String desc = Bundle.Installer_checkMemoryAvailable_physicalRamExpected_desc( - FileUtils.byteCountToDisplaySize(memorySize)); - logger.log(Level.SEVERE, desc); + try { + long memorySize = ((com.sun.management.OperatingSystemMXBean) ManagementFactory + .getOperatingSystemMXBean()).getTotalMemorySize(); + if (memorySize < 8_000_000) { + String desc = Bundle.Installer_checkMemoryAvailable_physicalRamExpected_desc( + FileUtils.byteCountToDisplaySize(memorySize)); + logger.log(Level.SEVERE, desc); + } + } catch (Throwable t) { + logger.log(Level.SEVERE, "There was an error fetching physical memory size", t); } - long maxMemory = Runtime.getRuntime().maxMemory(); - if (maxMemory < 2_000_000) { - String desc = Bundle.Installer_checkMemoryAvailable_maxMemExpected_desc( - FileUtils.byteCountToDisplaySize(maxMemory)); - logger.log(Level.SEVERE, desc); + try { + long maxMemory = Runtime.getRuntime().maxMemory(); + if (maxMemory < 2_000_000) { + String desc = Bundle.Installer_checkMemoryAvailable_maxMemExpected_desc( + FileUtils.byteCountToDisplaySize(maxMemory)); + logger.log(Level.SEVERE, desc); + } + } catch (Throwable t) { + logger.log(Level.SEVERE, "There was an error fetching jvm max memory", t); } } From cc2d687b418a405b08f6092ef5adbdb384fcabf6 Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Tue, 12 Sep 2023 09:52:00 -0400 Subject: [PATCH 11/15] fix --- .../org/sleuthkit/autopsy/core/Bundle.properties-MERGED | 4 ++++ Core/src/org/sleuthkit/autopsy/core/Installer.java | 8 ++++---- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/core/Bundle.properties-MERGED b/Core/src/org/sleuthkit/autopsy/core/Bundle.properties-MERGED index c0407c965b..fce17d6606 100755 --- a/Core/src/org/sleuthkit/autopsy/core/Bundle.properties-MERGED +++ b/Core/src/org/sleuthkit/autopsy/core/Bundle.properties-MERGED @@ -2,6 +2,10 @@ Installer.closing.confirmationDialog.message=Ingest is running, are you sure you Installer.closing.confirmationDialog.title=Ingest is Running # {0} - exception message Installer.closing.messageBox.caseCloseExceptionMessage=Error closing case: {0} +# {0} - maxMemory +Installer_checkMemoryAvailable_maxMemExpected_desc=Maximum JVM memory: {0}, is less than the 2 GB required. Some aspects of the application may not work as expected. +# {0} - physicalMemory +Installer_checkMemoryAvailable_physicalRamExpected_desc=Physical memory: {0}, is less than the 8 GB required. Some aspects of the application may not work as expected. OpenIDE-Module-Display-Category=Infrastructure OpenIDE-Module-Long-Description=\ This is the core Autopsy module.\n\n\ diff --git a/Core/src/org/sleuthkit/autopsy/core/Installer.java b/Core/src/org/sleuthkit/autopsy/core/Installer.java index c3b44d324b..0cbafe987e 100644 --- a/Core/src/org/sleuthkit/autopsy/core/Installer.java +++ b/Core/src/org/sleuthkit/autopsy/core/Installer.java @@ -402,15 +402,15 @@ public class Installer extends ModuleInstall { */ @Messages({ "# {0} - physicalMemory", - "Installer_checkMemoryAvailable_physicalRamExpected_desc=Physical memory: {0}, is less than the 8GB required. Some aspects of the application may not work as expected.", + "Installer_checkMemoryAvailable_physicalRamExpected_desc=Physical memory: {0}, is less than the 8 GB required. Some aspects of the application may not work as expected.", "# {0} - maxMemory", - "Installer_checkMemoryAvailable_maxMemExpected_desc=Maximum JVM memory: {0}, is less than the 2GB required. Some aspects of the application may not work as expected." + "Installer_checkMemoryAvailable_maxMemExpected_desc=Maximum JVM memory: {0}, is less than the 2 GB required. Some aspects of the application may not work as expected." }) private void checkMemoryAvailable() { try { long memorySize = ((com.sun.management.OperatingSystemMXBean) ManagementFactory .getOperatingSystemMXBean()).getTotalMemorySize(); - if (memorySize < 8_000_000) { + if (memorySize < 8_000_000_000L) { String desc = Bundle.Installer_checkMemoryAvailable_physicalRamExpected_desc( FileUtils.byteCountToDisplaySize(memorySize)); logger.log(Level.SEVERE, desc); @@ -421,7 +421,7 @@ public class Installer extends ModuleInstall { try { long maxMemory = Runtime.getRuntime().maxMemory(); - if (maxMemory < 2_000_000) { + if (maxMemory < 2_000_000_000L) { String desc = Bundle.Installer_checkMemoryAvailable_maxMemExpected_desc( FileUtils.byteCountToDisplaySize(maxMemory)); logger.log(Level.SEVERE, desc); From ccc4dba6e53af0e4850179f6f2fe7dc116b3a162 Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Tue, 12 Sep 2023 13:51:59 -0400 Subject: [PATCH 12/15] solr by default in upgrade --- .../autopsy/keywordsearch/KeywordSearchJobSettings.java | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchJobSettings.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchJobSettings.java index 133c3b37db..f04506d76a 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchJobSettings.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchJobSettings.java @@ -29,7 +29,8 @@ import org.sleuthkit.autopsy.ingest.IngestModuleIngestJobSettings; public final class KeywordSearchJobSettings implements IngestModuleIngestJobSettings { private static final long serialVersionUID = 1L; - + private static final boolean DEFAULT_INDEX_TO_SOLR = true; + private final HashSet namesOfEnabledKeywordLists; private HashSet namesOfDisabledKeywordLists; // Added in version 1.1 @@ -42,7 +43,8 @@ public final class KeywordSearchJobSettings implements IngestModuleIngestJobSett private boolean ocrOnly; - private boolean indexToSolr; + // use object boolean so older settings missing this setting will deserialize to null. + private Boolean indexToSolr; /** * Constructs ingest job settings for the keywords search module. @@ -202,7 +204,7 @@ public final class KeywordSearchJobSettings implements IngestModuleIngestJobSett } boolean isIndexToSolrEnabled() { - return indexToSolr; + return indexToSolr == null ? DEFAULT_INDEX_TO_SOLR : indexToSolr; } void setIndexToSolrEnabled(boolean enabled){ From 320fd6ad2931f6dbbcebdc1e449d018ad0222d2b Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Wed, 13 Sep 2023 10:16:16 -0400 Subject: [PATCH 13/15] ammend README for snap package download for now --- Running_Linux_OSX.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Running_Linux_OSX.md b/Running_Linux_OSX.md index 881e8e9467..529b89f127 100644 --- a/Running_Linux_OSX.md +++ b/Running_Linux_OSX.md @@ -2,7 +2,7 @@ For Linux systems that [support snapd](https://snapcraft.io/docs/installing-snapd), there is currently the option to install Autopsy from the [snap package](#install-autopsy-snap). Otherwise, when installing on Debian-based Linux or macOS systems, there are three general steps: [installing prerequisites](#installing-prerequisites), [installing The Sleuth Kit](#installing-the-sleuth-kit), and [installing Autopsy](#installing-autopsy) itself. On macOS, you will want to [setup the JNA paths](#setup-macos-jna-paths). # Install Autopsy Snap -You can download the snap package from the [releases section](https://github.com/sleuthkit/autopsy/releases) or directly from the [snap store](https://snapcraft.io/autopsy). In order for Autopsy to run properly, snap connections will need to be properly setup, which can be done by running this script: `snap connections autopsy | sed -nE 's/^[^ ]* *([^ ]*) *- *- *$/\1/p' | xargs -I{} sudo snap connect {}`. See the [snap README](./snap/README.md) for more information. +You can download the snap package from the [releases section](https://github.com/sleuthkit/autopsy/releases). In order for Autopsy to run properly, snap connections will need to be properly setup, which can be done by running this script: `snap connections autopsy | sed -nE 's/^[^ ]* *([^ ]*) *- *- *$/\1/p' | xargs -I{} sudo snap connect {}`. See the [snap README](./snap/README.md) for more information. # Installing Prerequisites - **Linux**: Run [`linux_macos_install_scripts/install_prereqs_ubuntu.sh`](./linux_macos_install_scripts/install_prereqs_ubuntu.sh). From b2f89ddd36f1b0bec791e5588bb5504545a16ff8 Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Fri, 22 Sep 2023 10:52:58 -0400 Subject: [PATCH 14/15] upgrade from solr4 --- .../ModalDialogProgressIndicator.java | 7 ++ .../keywordsearch/Bundle.properties-MERGED | 10 ++- .../autopsy/keywordsearch/Server.java | 17 ++-- .../keywordsearch/SolrSearchService.java | 84 +++++++++++++++++++ 4 files changed, 111 insertions(+), 7 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/progress/ModalDialogProgressIndicator.java b/Core/src/org/sleuthkit/autopsy/progress/ModalDialogProgressIndicator.java index 31fb900c56..b3d5c6b828 100644 --- a/Core/src/org/sleuthkit/autopsy/progress/ModalDialogProgressIndicator.java +++ b/Core/src/org/sleuthkit/autopsy/progress/ModalDialogProgressIndicator.java @@ -263,4 +263,11 @@ public final class ModalDialogProgressIndicator implements ProgressIndicator { dialog.setLocationRelativeTo(parent); this.dialog.setVisible(true); } + + /** + * @return The GUI dialog presenting the progress. Possibly null. + */ + public Dialog getDialog() { + return this.dialog; + } } diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle.properties-MERGED b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle.properties-MERGED index 0bf48a5370..6db88c1ba0 100755 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle.properties-MERGED +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle.properties-MERGED @@ -52,7 +52,7 @@ KeywordSearchResultFactory.createNodeForKey.noResultsFound.text=No results found KeywordSearchResultFactory.query.exception.msg=Could not perform the query OpenIDE-Module-Display-Category=Ingest Module -OpenIDE-Module-Long-Description=Keyword Search ingest module.\n\nThe module indexes files found in the disk image at ingest time.\nIt then periodically runs the search on the indexed files using one or more keyword lists (containing pure words and/or regular expressions) and posts results.\n\n\The module also contains additional tools integrated in the main GUI, such as keyword list configuration, keyword search bar in the top-right corner, extracted text viewer and search results viewer showing highlighted keywords found. +OpenIDE-Module-Long-Description=Keyword Search ingest module.\n\nThe module indexes files found in the disk image at ingest time.\nIt then periodically runs the search on the indexed files using one or more keyword lists (containing pure words and/or regular expressions) and posts results.\n\nThe module also contains additional tools integrated in the main GUI, such as keyword list configuration, keyword search bar in the top-right corner, extracted text viewer and search results viewer showing highlighted keywords found. OpenIDE-Module-Name=KeywordSearch OptionsCategory_Name_KeywordSearchOptions=Keyword Search OptionsCategory_Keywords_KeywordSearchOptions=Keyword Search @@ -306,6 +306,14 @@ KeywordSearchModuleFactory.getIngestJobSettingsPanel.exception.msg=Expected sett KeywordSearchModuleFactory.createFileIngestModule.exception.msg=Expected settings argument to be instanceof KeywordSearchJobSettings SearchRunner.Searcher.done.err.msg=Error performing keyword search Server.status.failed.msg=Local Solr server did not respond to status request. This may be because the server failed to start or is taking too long to initialize. +# {0} - indexVersion +Server_configureSolrConnection_illegalSolrVersion=The solr version in the case: {0}, is not supported. +# {0} - solrVersion +# {1} - caseName +Server_configureSolrConnection_unsupportedSolrDesc=

The current Solr version: {0} in the case: {1} is no longer supported. You can continue without upgrading, but Solr will not be usable while the case is open, and you will encounter errors. You can also choose to upgrade the Solr version for the case. If you choose to do this, you will need to run Keyword Search with Solr indexing selected in order to use Solr features like ad hoc search with images in the case.

+Server_configureSolrConnection_unsupportedSolrDisableOpt=Continue +Server_configureSolrConnection_unsupportedSolrTitle=Unsupported Solr Version +Server_configureSolrConnection_unsupportedSolrUpgradeOpt=Upgrade Solr Core SolrConnectionCheck.HostnameOrPort=Invalid hostname and/or port number. SolrConnectionCheck.Hostname=Invalid hostname. SolrConnectionCheck.MissingHostname=Missing hostname. diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java index 9d04595f09..b918a81054 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java @@ -57,6 +57,7 @@ import java.util.concurrent.atomic.AtomicBoolean; import java.util.concurrent.atomic.AtomicInteger; import java.util.stream.Collectors; import static java.util.stream.Collectors.toList; +import javax.swing.JOptionPane; import org.apache.solr.client.solrj.SolrQuery; import org.apache.solr.client.solrj.SolrRequest; import org.apache.solr.client.solrj.SolrServerException; @@ -82,6 +83,7 @@ import org.apache.solr.common.util.NamedList; import org.openide.modules.InstalledFileLocator; import org.openide.modules.Places; import org.openide.util.NbBundle; +import org.openide.util.NbBundle.Messages; import org.openide.windows.WindowManager; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.Case.CaseType; @@ -611,18 +613,22 @@ public class Server { startLocalSolr(SOLR_VERSION.SOLR8); } + @Messages({ + "# {0} - indexVersion", + "Server_configureSolrConnection_illegalSolrVersion=The solr version in the case: {0}, is not supported." + }) private void configureSolrConnection(Case theCase, Index index) throws KeywordSearchModuleException, SolrServerNoPortException { try { if (theCase.getCaseType() == CaseType.SINGLE_USER_CASE) { // makes sure the proper local Solr server is running - if (IndexFinder.getCurrentSolrVersion().equals(index.getSolrVersion())) { - startLocalSolr(SOLR_VERSION.SOLR8); - } else { - startLocalSolr(SOLR_VERSION.SOLR4); + if (!IndexFinder.getCurrentSolrVersion().equals(index.getSolrVersion())) { + throw new KeywordSearchModuleException(Bundle.Server_configureSolrConnection_illegalSolrVersion(index.getSolrVersion())); } + startLocalSolr(SOLR_VERSION.SOLR8); + // check if the local Solr server is running if (!this.isLocalSolrRunning()) { logger.log(Level.SEVERE, "Local Solr server is not running"); //NON-NLS @@ -684,8 +690,7 @@ public class Server { if (version == SOLR_VERSION.SOLR8) { localSolrFolder = InstalledFileLocator.getDefault().locate("solr", Server.class.getPackage().getName(), false); //NON-NLS } else { - // solr4 - localSolrFolder = InstalledFileLocator.getDefault().locate("solr4", Server.class.getPackage().getName(), false); //NON-NLS + throw new KeywordSearchModuleException(Bundle.Server_configureSolrConnection_illegalSolrVersion(version.name())); } if (isLocalSolrRunning()) { diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/SolrSearchService.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/SolrSearchService.java index d9dd4d921a..f7f82a7b27 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/SolrSearchService.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/SolrSearchService.java @@ -18,6 +18,7 @@ */ package org.sleuthkit.autopsy.keywordsearch; +import java.awt.Component; import java.io.File; import java.io.IOException; import java.io.Reader; @@ -26,18 +27,22 @@ import java.util.ArrayList; import java.util.List; import java.util.MissingResourceException; import java.util.logging.Level; +import javax.swing.JOptionPane; import org.apache.solr.client.solrj.SolrServerException; import org.openide.util.NbBundle; import org.openide.util.lookup.ServiceProvider; import org.openide.util.lookup.ServiceProviders; +import org.openide.windows.WindowManager; import org.sleuthkit.autopsy.appservices.AutopsyService; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.CaseMetadata; +import org.sleuthkit.autopsy.core.RuntimeProperties; import org.sleuthkit.autopsy.coreutils.FileUtil; import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.ingest.IngestManager; import org.sleuthkit.autopsy.keywordsearchservice.KeywordSearchService; import org.sleuthkit.autopsy.keywordsearchservice.KeywordSearchServiceException; +import org.sleuthkit.autopsy.progress.ModalDialogProgressIndicator; import org.sleuthkit.autopsy.progress.ProgressIndicator; import org.sleuthkit.autopsy.textextractors.TextExtractor; import org.sleuthkit.autopsy.textextractors.TextExtractorFactory; @@ -315,11 +320,25 @@ public class SolrSearchService implements KeywordSearchService, AutopsyService { } throw new AutopsyServiceException(Bundle.SolrSearch_unableToFindIndex_msg()); } + + if (context.cancelRequested()) { return; } + if (!IndexFinder.getCurrentSolrVersion().equals(indexToUse.getSolrVersion())) { + Index prevIndex = indexToUse; + indexToUse = tryUpgradeSolrVersion(context, indexToUse); + if (indexToUse != prevIndex) { + indexes.add(indexToUse); + } + } + + if (context.cancelRequested()) { + return; + } + // check if schema is compatible if (!indexToUse.isCompatible(IndexFinder.getCurrentSchemaVersion())) { String msg = "Text index schema version " + indexToUse.getSchemaVersion() + " is not compatible with current schema"; @@ -355,6 +374,71 @@ public class SolrSearchService implements KeywordSearchService, AutopsyService { progress.progress(Bundle.SolrSearch_complete_msg(), totalNumProgressUnits); } + + + private static final long WAIT_TIME_MILLIS = 2000; + + /** + * Attempts to upgrade the solr version to most recent version first prompting the user. + * @param context The case context. + * @param index The current index. + * @return The new index. + * @throws org.sleuthkit.autopsy.appservices.AutopsyService.AutopsyServiceException + */ + @NbBundle.Messages({ + "Server_configureSolrConnection_unsupportedSolrTitle=Unsupported Solr Version", + "# {0} - solrVersion", + "# {1} - caseName", + "Server_configureSolrConnection_unsupportedSolrDesc=

The current Solr version: {0} in the case: {1} is no longer supported. You can continue without upgrading, but Solr will not be usable while the case is open, and you will encounter errors. You can also choose to upgrade the Solr version for the case. If you choose to do this, you will need to run Keyword Search with Solr indexing selected in order to use Solr features like ad hoc search with images in the case.

", + "Server_configureSolrConnection_unsupportedSolrDisableOpt=Continue", + "Server_configureSolrConnection_unsupportedSolrUpgradeOpt=Upgrade Solr Core" + }) + private Index tryUpgradeSolrVersion(CaseContext context, Index index) throws AutopsyServiceException { + // if not, attempt to fix issue + if (RuntimeProperties.runningWithGUI()) { + Component parentComponent = WindowManager.getDefault().getMainWindow(); + if (context.getProgressIndicator() instanceof ModalDialogProgressIndicator progInd && progInd.getDialog() != null) { + parentComponent = progInd.getDialog(); + + } + + if (context.cancelRequested()) { + return index; + } + + try { + // progress updates occur right before this in the same window, so there is the possibility that + // the progress window will update just after the option pane is shown causing the option pane to + // not be visible or selectable. This sleep is added to give the window enough time to finish + Thread.sleep(WAIT_TIME_MILLIS); + } catch (InterruptedException ex) { + // just proceed if interrupted + } + + if (context.cancelRequested()) { + return index; + } + + int selection = JOptionPane.showOptionDialog( + parentComponent, + Bundle.Server_configureSolrConnection_unsupportedSolrDesc(index.getSolrVersion(), context.getCase().getDisplayName()), + Bundle.Server_configureSolrConnection_unsupportedSolrTitle(), + JOptionPane.YES_NO_OPTION, + JOptionPane.WARNING_MESSAGE, + null, + new Object[]{ + Bundle.Server_configureSolrConnection_unsupportedSolrDisableOpt(), + Bundle.Server_configureSolrConnection_unsupportedSolrUpgradeOpt() + }, + Bundle.Server_configureSolrConnection_unsupportedSolrDisableOpt()); + + if (selection == 1) { + return IndexFinder.createLatestVersionIndex(context.getCase()); + } + } + + throw new AutopsyServiceException("Unsupported Solr version: " + index.getSolrVersion()); + } /** * Closes the open core. From e57bbc41e4d3fc3064550cc35408614acbf2ecb7 Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Fri, 22 Sep 2023 14:31:36 -0400 Subject: [PATCH 15/15] message updates --- .../autopsy/keywordsearch/Bundle.properties-MERGED | 6 +++--- .../sleuthkit/autopsy/keywordsearch/SolrSearchService.java | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle.properties-MERGED b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle.properties-MERGED index 6db88c1ba0..ffdaa49829 100755 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle.properties-MERGED +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle.properties-MERGED @@ -52,7 +52,7 @@ KeywordSearchResultFactory.createNodeForKey.noResultsFound.text=No results found KeywordSearchResultFactory.query.exception.msg=Could not perform the query OpenIDE-Module-Display-Category=Ingest Module -OpenIDE-Module-Long-Description=Keyword Search ingest module.\n\nThe module indexes files found in the disk image at ingest time.\nIt then periodically runs the search on the indexed files using one or more keyword lists (containing pure words and/or regular expressions) and posts results.\n\nThe module also contains additional tools integrated in the main GUI, such as keyword list configuration, keyword search bar in the top-right corner, extracted text viewer and search results viewer showing highlighted keywords found. +OpenIDE-Module-Long-Description=Keyword Search ingest module.\n\nThe module indexes files found in the disk image at ingest time.\nIt then periodically runs the search on the indexed files using one or more keyword lists (containing pure words and/or regular expressions) and posts results.\n\n\The module also contains additional tools integrated in the main GUI, such as keyword list configuration, keyword search bar in the top-right corner, extracted text viewer and search results viewer showing highlighted keywords found. OpenIDE-Module-Name=KeywordSearch OptionsCategory_Name_KeywordSearchOptions=Keyword Search OptionsCategory_Keywords_KeywordSearchOptions=Keyword Search @@ -310,9 +310,9 @@ Server.status.failed.msg=Local Solr server did not respond to status request. Th Server_configureSolrConnection_illegalSolrVersion=The solr version in the case: {0}, is not supported. # {0} - solrVersion # {1} - caseName -Server_configureSolrConnection_unsupportedSolrDesc=

The current Solr version: {0} in the case: {1} is no longer supported. You can continue without upgrading, but Solr will not be usable while the case is open, and you will encounter errors. You can also choose to upgrade the Solr version for the case. If you choose to do this, you will need to run Keyword Search with Solr indexing selected in order to use Solr features like ad hoc search with images in the case.

+Server_configureSolrConnection_unsupportedSolrDesc=

This case was made with an older version of Keyword Search that is no longer supported. You can continue without upgrading, but some Keyword Search functionality will not be usable while the case is open, and you will encounter errors. You can also choose to upgrade the Keyword Search version for the case. If you choose to do this, you will need to run Keyword Search with Solr indexing selected in order to use features like ad hoc search with images in the case.

Server_configureSolrConnection_unsupportedSolrDisableOpt=Continue -Server_configureSolrConnection_unsupportedSolrTitle=Unsupported Solr Version +Server_configureSolrConnection_unsupportedSolrTitle=Unsupported Keyword Search in Case Server_configureSolrConnection_unsupportedSolrUpgradeOpt=Upgrade Solr Core SolrConnectionCheck.HostnameOrPort=Invalid hostname and/or port number. SolrConnectionCheck.Hostname=Invalid hostname. diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/SolrSearchService.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/SolrSearchService.java index f7f82a7b27..8c6278b5b2 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/SolrSearchService.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/SolrSearchService.java @@ -386,10 +386,10 @@ public class SolrSearchService implements KeywordSearchService, AutopsyService { * @throws org.sleuthkit.autopsy.appservices.AutopsyService.AutopsyServiceException */ @NbBundle.Messages({ - "Server_configureSolrConnection_unsupportedSolrTitle=Unsupported Solr Version", + "Server_configureSolrConnection_unsupportedSolrTitle=Unsupported Keyword Search in Case", "# {0} - solrVersion", "# {1} - caseName", - "Server_configureSolrConnection_unsupportedSolrDesc=

The current Solr version: {0} in the case: {1} is no longer supported. You can continue without upgrading, but Solr will not be usable while the case is open, and you will encounter errors. You can also choose to upgrade the Solr version for the case. If you choose to do this, you will need to run Keyword Search with Solr indexing selected in order to use Solr features like ad hoc search with images in the case.

", + "Server_configureSolrConnection_unsupportedSolrDesc=

This case was made with an older version of Keyword Search that is no longer supported. You can continue without upgrading, but some Keyword Search functionality will not be usable while the case is open, and you will encounter errors. You can also choose to upgrade the Keyword Search version for the case. If you choose to do this, you will need to run Keyword Search with Solr indexing selected in order to use features like ad hoc search with images in the case.

", "Server_configureSolrConnection_unsupportedSolrDisableOpt=Continue", "Server_configureSolrConnection_unsupportedSolrUpgradeOpt=Upgrade Solr Core" }) @@ -437,7 +437,7 @@ public class SolrSearchService implements KeywordSearchService, AutopsyService { } } - throw new AutopsyServiceException("Unsupported Solr version: " + index.getSolrVersion()); + throw new AutopsyServiceException("Unsupported Keyword Search (Solr " + index.getSolrVersion() + ")"); } /**