List and parse content of Systemd timers.
name: Linux.Sys.SystemdTimer
author: Wes Lambert - @therealwlambert
description: List and parse content of Systemd timers.
reference:
- https://www.digitalforensics.ch/nikkel18.pdf
- https://lloydrochester.com/post/unix/systemd-timer-example/
parameters:
- name: TimerLocation
default: /lib/systemd/system/*.timer,/usr/lib/systemd/system/*.timer,/etc/systemd/system/*.timer,~/.config/systemd/user/*.timer
description: The location of Systemd timers
sources:
- precondition: |
SELECT OS From info() where OS = 'linux'
queries:
- |
SELECT *, read_file(filename=OSPath) FROM glob(globs=split(string=TimerLocation, sep=","))