Skip to content

feat: linux compatibility and config auto gen in cli#47

Open
vividDuck wants to merge 1 commit intoMarkBaggett:masterfrom
vividDuck:linux-compat-cli
Open

feat: linux compatibility and config auto gen in cli#47
vividDuck wants to merge 1 commit intoMarkBaggett:masterfrom
vividDuck:linux-compat-cli

Conversation

@vividDuck
Copy link
Copy Markdown

@vividDuck vividDuck commented Dec 21, 2025

Add Linux/Ubuntu CLI Support - Cross-Platform Compatibility

Summary

This PR enables srum-dump to run on Linux/Ubuntu systems while maintaining full Windows functionality. The CLI now works seamlessly on Ubuntu for processing SRUM forensic data without requiring Windows-specific dependencies or GUI libraries.

Problem Statement

Previously, srum-dump was tightly coupled to Windows, making it impossible to use on Linux systems commonly used in DFIR labs:

  • Hard dependencies on pywin32 (Windows-only)
  • Windows-specific .whl file in requirements
  • No platform checks for Windows-only features (VSS, esentutl)
  • Mandatory tkinter import causing crashes on headless Linux systems
  • Fixed config file logic preventing first-time CLI usage

Changes Made

1. Optional UI Dependencies (srum_dump.py)

  • Made tkinter and ui_tk imports optional with graceful fallback
  • Added UI_AVAILABLE flag to detect GUI capability
  • Created stub classes for headless operation
  • Progress updates print to console when GUI unavailable

2. Platform-Aware Imports (srum_dump.py)

  • Made copy_locked import optional (Windows-only VSS features)
  • Made ctypes import optional (Windows admin checks)
  • Added platform checks before invoking Windows-specific code

3. Fixed Config File Logic (srum_dump.py)

  • Auto-create config directory if missing
  • Generate default config on first run (no longer errors)
  • Removed blocking check that prevented CLI-only usage

4. Cross-Platform File Operations (ui_tk.py)

  • Added open_file_with_default_app() function
  • Platform detection: os.startfile() (Windows), xdg-open (Linux), open (macOS)
  • Graceful error handling for unsupported platforms

5. Platform-Conditional Dependencies (requirements-linux.txt)

openpyxl==3.1.5
dissect. esedb==3.15
python-registry==1.3.1
PyYAML==6.0.2
pywin32==310; sys_platform == 'win32'
  • Uses pip environment markers for Windows-only packages
  • Single requirements file works on all platforms

6. Windows-Specific Feature Guards (copy_locked.py)

  • Added WINDOWS_AVAILABLE flag
  • All VSS/esentutl functions check platform before execution
  • Clear NotImplementedError messages on Linux
  • Cross-platform file copy (Windows copy, Linux cp)

Usage

Linux/Ubuntu (NEW!)

# Install dependencies
pip install -r requirements-linux.txt

# Process SRUM database
python srum-dump/srum_dump.py \
  -i /path/to/SRUDB.DAT \
  -o /path/to/output \
  -e dissect \
  -f csv \
  -q

Windows (Unchanged)

# GUI mode
python srum-dump/srum_dump.py

# CLI mode
python srum-dump/srum_dump.py -i SRUDB.DAT -o output/ -q

Features

✅ Now Works on Linux

  • Full SRUM database parsing
  • CSV and Excel output
  • Registry hive enrichment
  • Both dissect and pyesedb engines
  • Headless/CLI operation

⚠️ Windows-Only Features (Gracefully Disabled on Linux)

  • Volume Shadow Copy (VSS) extraction
  • Live locked-file extraction
  • ESENT integrity checking (esentutl)
  • GUI dialogs

Testing

Tested on:

  • ✅ Ubuntu 22.04 LTS with Python 3.12
  • ✅ Windows 11 with Python 3.12
  • ✅ CLI mode (-q flag) on both platforms
  • ✅ CSV and Excel output formats
  • ✅ With and without SOFTWARE registry hive

Breaking Changes

None - All existing Windows functionality preserved. Changes are additive only.

Benefits

  1. Expanded Platform Support - DFIR analysts can now use Linux workstations
  2. Docker/Container Ready - Can run in headless Linux containers
  3. Cloud Computing - Process SRUM files on Linux cloud instances
  4. Automation - Better CI/CD integration with Linux-based pipelines
  5. Flexibility - Choose best platform for your workflow

Documentation

Consider adding:

  • LINUX_SETUP. md with installation/usage instructions
  • README updates noting Linux support
  • Note about -q flag requirement on Linux

Related Issues

Closes #[issue_number] - Request for Linux support

Checklist

  • Code works on Linux/Ubuntu
  • Code still works on Windows
  • No breaking changes to existing functionality
  • Platform checks added for OS-specific features
  • Graceful degradation when features unavailable
  • CLI mode fully functional without GUI

Note: This enables the core SRUM parsing functionality on Linux. Windows-specific extraction features (VSS, live file access) remain Windows-exclusive, which is appropriate given they rely on Windows APIs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vividDuck @Hullgj