Sysinternals / SysmonForLinux

MIT License

Unable to locate package sysmonforlinux #152

Closed Jiahao0 closed 11 months ago

Jiahao0 commented 11 months ago

Describe the bug Hi, I want to try it on Linux, but can't find the pkg. Any suggestion?

root@ThinkPad-L14-Gen-1:~# apt-get update
Hit:1 http://cn.archive.ubuntu.com/ubuntu focal InRelease
Hit:2 http://cn.archive.ubuntu.com/ubuntu focal-updates InRelease                                         
Hit:3 http://cn.archive.ubuntu.com/ubuntu focal-backports InRelease                                       
Hit:4 https://download.docker.com/linux/ubuntu focal InRelease                                            
Hit:5 https://dl.google.com/linux/chrome/deb stable InRelease                                             
Get:6 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]  
Get:7 http://security.ubuntu.com/ubuntu focal-security/main amd64 DEP-11 Metadata [59.8 kB]
Get:8 http://security.ubuntu.com/ubuntu focal-security/universe amd64 DEP-11 Metadata [97.0 kB]
Get:9 http://security.ubuntu.com/ubuntu focal-security/multiverse amd64 DEP-11 Metadata [940 B]
Fetched 272 kB in 2s (137 kB/s)    
Reading package lists... Done
root@ThinkPad-L14-Gen-1:~# uname -a
Linux ThinkPad-L14-Gen-1 5.15.0-76-generic #83~20.04.1-Ubuntu SMP Wed Jun 21 20:23:31 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
root@ThinkPad-L14-Gen-1:~# apt-get install sysmonforlinux
Reading package lists... Done
Building dependency tree       
Reading state information... Done
E: Unable to locate package sysmonforlinux

To Reproduce Steps to reproduce the behavior.

Sysmon version Version of Sysmon or if built from source.

Distro/kernel version The distribution and kernel version.

Sysmon configuration The Sysmon configuration when the issue occurred.

Logs Output of syslog with enough log entries to cover the timespan of the issue. Please run sysmon with the -t switch

Expected behavior A clear and concise description of what you expected to happen.

Additional context Add any other context about the problem here.

MarioHewardt commented 11 months ago

Hi - Please make sure you register the Microsoft feed/key as per instructions here - https://github.com/Sysinternals/SysmonForLinux/blob/main/INSTALL.md#1-register-microsoft-key-and-feed

Jiahao0 commented 11 months ago

Thanks for the reply. I did step 1 of the given instructions, but still cannot get it installed. Please have a look. Log:

root@tegra-ubuntu:/tmp# wget -q https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/packages-microsoft-prod.deb 
root@tegra-ubuntu:/tmp# ls
packages-microsoft-prod.deb
root@tegra-ubuntu:/tmp# dpkg -i ./packages-microsoft-prod.deb 
Selecting previously unselected package packages-microsoft-prod.
(Reading database ... 35183 files and directories currently installed.)
Preparing to unpack ./packages-microsoft-prod.deb ...
Unpacking packages-microsoft-prod (1.0-ubuntu20.04.1) ...
Setting up packages-microsoft-prod (1.0-ubuntu20.04.1) ...
root@tegra-ubuntu:/tmp# apt-get update
Hit:1 https://packages.microsoft.com/ubuntu/20.04/prod focal InRelease
Hit:2 http://ports.ubuntu.com/ubuntu-ports focal InRelease
Hit:3 http://ports.ubuntu.com/ubuntu-ports focal-security InRelease
Get:4 http://ports.ubuntu.com/ubuntu-ports focal-updates InRelease [114 kB]
Get:5 http://ports.ubuntu.com/ubuntu-ports focal-updates/main arm64 Packages [2179 kB]
Get:6 http://ports.ubuntu.com/ubuntu-ports focal-updates/main Translation-en [474 kB]
Fetched 2766 kB in 3s (839 kB/s)                               
Reading package lists... Done
root@tegra-ubuntu:/tmp# apt-get install sysmonforlinux
Reading package lists... Done
Building dependency tree       
Reading state information... Done
E: Unable to locate package sysmonforlinux

Kahz3l commented 11 months ago

I also cannot install from Package Source with Debian 11/ Bullseye/ RaspianOS.

root@mx2:~ # wget -qO- https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.asc.gpg
root@mx2:~ # mv microsoft.asc.gpg /etc/apt/trusted.gpg.d/
root@mx2:~ # wget -q https://packages.microsoft.com/config/debian/11/prod.list
root@mx2:~ # mv prod.list /etc/apt/sources.list.d/microsoft-prod.list
root@mx2:~ # chown root:root /etc/apt/trusted.gpg.d/microsoft.asc.gpg
root@mx2:~ # chown root:root /etc/apt/sources.list.d/microsoft-prod.list
root@mx2:~ # apt-get update
Hit:1 http://deb.debian.org/debian bullseye InRelease
Hit:2 http://deb.debian.org/debian bullseye-updates InRelease
Hit:3 http://deb.debian.org/debian bullseye-backports InRelease
Hit:4 http://security.debian.org/debian-security bullseye-security InRelease
(...)
Get:12 https://packages.microsoft.com/debian/11/prod bullseye/main amd64 Packages [125 kB]
Get:13 https://packages.microsoft.com/debian/11/prod bullseye/main armhf Packages [25.2 kB]
Get:14 https://packages.microsoft.com/debian/11/prod bullseye/main all Packages [1,149 B]
Get:15 https://packages.microsoft.com/debian/11/prod bullseye/main arm64 Packages [27.3 kB]
Fetched 182 kB in 6s (31.5 kB/s)
Reading package lists... Done
root@mx2:~ # apt-get install apt-transport-https
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
apt-transport-https is already the newest version (2.2.4).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
root@mx2:~ # apt-get install sysmonforlinux
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package sysmonforlinux

MarioHewardt commented 11 months ago

@Kahz3l It looks like you are trying to install Sysmon on arm? If so, arm is not supported for Sysmon yet.

@Jiahao0 It looks like for the first instance you were attempting to install on amd64 and the second for arm. Is that accurate? We do support amd64 but arm is not yet supported. I've attempted to reproduce the issue on amd64, but I'm unable to when following the install instructions.

Jiahao0 commented 11 months ago

@MarioHewardt Yes, I first tried it on x86, then on arm64. Later with microsoft.asc, the installation worked on x86, but not on arm64. It is a pity arm is not supported yet; looking forward to the arm version.

Tks.
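
The architecture mismatch identified in this thread can be confirmed from the package indexes that `apt-get update` has already downloaded. The script below is an added example, not part of the original thread or the SysmonForLinux project; the function names, the sample feed file names and the `example-tool` package are assumptions, and it assumes uncompressed `*_Packages` files under `/var/lib/apt/lists`.

```shell
#!/bin/sh
# Added example (not SysmonForLinux project code).
# pkg_archs PKG [LISTS_DIR]: architectures for which the indexes fetched by
# `apt-get update` carry PKG. Assumes uncompressed *_Packages files in
# LISTS_DIR (default /var/lib/apt/lists); other index files are ignored.
pkg_archs() {
    for f in "${2:-/var/lib/apt/lists}"/*_Packages; do
        [ -f "$f" ] || continue
        # RS="" is awk paragraph mode: one record per package stanza.
        awk -v pkg="$1" 'BEGIN { RS = ""; FS = "\n" }
        {
            name = ""; arch = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^Package: /) name = substr($i, 10)
                else if ($i ~ /^Architecture: /) arch = substr($i, 15)
            }
            if (name == pkg && arch != "") print arch
        }' "$f"
    done | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# diagnose PKG HOST_ARCH [LISTS_DIR]: explain an "Unable to locate package".
diagnose() {
    archs=$(pkg_archs "$1" "$3")
    case " $archs " in
        "  ")                  echo "absent: no configured feed lists $1" ;;
        *" $2 "* | *" all "*)  echo "available for $2" ;;
        *)                     echo "wrong-arch: $1 is published only for: $archs" ;;
    esac
}

# Constructed sample indexes (file names and versions are illustrative only).
make_sample_lists() {
    d=$(mktemp -d)
    printf 'Package: sysmonforlinux\nVersion: 0.0.0\nArchitecture: amd64\n\nPackage: example-tool\nVersion: 0.0.0\nArchitecture: amd64\n' \
        > "$d/feed.example_dists_focal_main_binary-amd64_Packages"
    printf 'Package: example-tool\nVersion: 0.0.0\nArchitecture: arm64\n' \
        > "$d/feed.example_dists_focal_main_binary-arm64_Packages"
    echo "$d"
}

# Stand-alone use on a real host:
#   diagnose sysmonforlinux "$(dpkg --print-architecture)"
```

A `wrong-arch` result means the feed is registered correctly and the package simply is not published for the host architecture, which is the situation the arm64 and armhf hosts in this thread were in.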