digitalsleuth / WIN-FOR

Windows Forensics Environment Builder
https://digitalsleuth.gitbook.io/win-for-documentation/
MIT License

WSL - Sift / Remnux #5

Closed Jonesckevin closed 8 months ago

Jonesckevin commented 8 months ago

I am not sure why, but the install for WSL Sift and RemNux was giving me issues.

To fix it, I manually installed cast and installed Sift and RemNux through their new system.

wget https://github.com/ekristen/cast/releases/download/v0.14.0/cast_v0.14.0_linux_amd64.deb
sudo dpkg -i cast_v0.14.0_linux_amd64.deb
sudo cast install teamdfir/sift-saltstack
sudo cast install remnux/salt-states

digitalsleuth commented 8 months ago

Hey @Jonesckevin, what kind of errors were you receiving?

Jonesckevin commented 8 months ago

Here is the initial error:

--- WSL2 Setup Results ---
[+] Succeeded: 19 (changed=13)
[!] Failed:     0

--- WSL2 Configuration Results ---
[+] Succeeded: 11 (changed=6)
[!] Failed:     8
[!] To determine the cause of the failures, review the log file C:\winfor-wsl.log and search for lines containing
[ERROR   ] or review C:\winfor-wsl-errors.log for a less verbose listing.
[!] In order to ensure all configuration changes are successful, it is recommended to reboot before first use.

Here is the WSL - Error log

          ID: wsl-import-template
    Function: cmd.run
        Name: wsl --import WIN-FOR C:\tools\wsl\ C:\salt\tempdownload\WIN-FOR-20.04.tar
      Result: False
     Comment: Command "wsl --import WIN-FOR C:\tools\wsl\ C:\salt\tempdownload\WIN-FOR-20.04.tar" run
     Started: 10:07:01.798883
    Duration: 109.615 ms

-------------
          ID: wsl-get-cast
    Function: cmd.run
        Name: wsl -d WIN-FOR echo forensics | wsl -d WIN-FOR sudo -S wget -O /tmp/cast_v0.14.0_linux_amd64.deb https://github.com/ekristen/cast/releases/download/v0.14.0/cast_v0.14.0_linux_amd64.deb
      Result: False
     Comment: One or more requisite failed: winfor.wsl.wsl-config.wsl-import-template
     Started: 10:07:01.908498
    Duration: 0.0 ms

-------------
          ID: wsl-install-cast
    Function: cmd.run
        Name: wsl -d WIN-FOR echo forensics | wsl -d WIN-FOR sudo -S apt-get install -y /tmp/cast_v0.14.0_linux_amd64.deb
      Result: False
     Comment: One or more requisite failed: winfor.wsl.wsl-config.wsl-get-cast
     Started: 10:07:01.908498
    Duration: 0.0 ms

-------------
          ID: wsl-install-sift
    Function: cmd.run
        Name: wsl -d WIN-FOR echo forensics | wsl -d WIN-FOR sudo -S cast install --mode server --user forensics sift
      Result: False
     Comment: One or more requisite failed: winfor.wsl.wsl-config.wsl-install-cast
     Started: 10:07:01.908498
    Duration: 0.0 ms

-------------
          ID: wsl-install-remnux
    Function: cmd.run
        Name: wsl -d WIN-FOR echo forensics | wsl -d WIN-FOR sudo -S cast install --mode addon --user forensics remnux
      Result: False
     Comment: One or more requisite failed: winfor.wsl.wsl-config.wsl-install-sift
     Started: 10:07:01.924460
    Duration: 0.0 ms

-------------
          ID: wsl-shortcut
    Function: file.shortcut
        Name: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Subsystem for Linux.lnk
      Result: False
     Comment: One or more requisite failed: winfor.wsl.wsl-config.wsl-import-template
     Started: 10:07:01.924460
    Duration: 0.0 ms

-------------
          ID: wsl-portals-shortcut
    Function: file.copy
        Name: C:\tools\Portals\Terminals\
      Result: False
     Comment: One or more requisite failed: winfor.wsl.wsl-config.wsl-shortcut, winfor.wsl.wsl-config.wsl-import-template
     Started: 10:07:01.924460
    Duration: 0.0 ms

-------------
          ID: wsl-delete-template
    Function: file.absent
        Name: C:\salt
      Result: False
     Comment: One or more requisite failed: winfor.wsl.wsl-config.wsl-import-template
     Started: 10:07:01.924460
    Duration: 0.0 ms

-------------

digitalsleuth commented 8 months ago

@Jonesckevin Any chance you can share the winfor-wsl.log so I can see what might have caused the issue?

Jonesckevin commented 8 months ago

Forgot to mention that I installed the Terminal from the Microsoft store.

winfor-wsl.log

digitalsleuth commented 8 months ago

Hi @Jonesckevin, it looks like, from the error in the log, the WIN-FOR WSL was already installed: "A distribution with the supplied name already exists". That's what the original cause was, but it does highlight a need for me to determine if WIN-FOR already exists, and if so, to "update" it accordingly, or leave it alone, thus not resulting in an error.

I'll look into this. However, on the flip side, since WIN-FOR was already installed in WSL, you would be able to either launch the distro (if it was the only one), or switch to it, and run the "sudo cast install sift" and "sudo cast install remnux" and they should complete successfully.

Thanks for bringing this to my attention! I'll take a look at the unit test for WSL and make some changes :)

Cheers!
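
The check described in the comment above (skip the import when WIN-FOR is already registered, so a re-run does not fail), as an added PowerShell example; it is not code from the WIN-FOR project. The function names are hypothetical, and the distro name and paths are the ones shown in the error log earlier in this thread.

```powershell
# Added example, not WIN-FOR's own code. Function names are hypothetical;
# the distro name and paths are copied from the error log in this issue.

function Test-WslDistroExists {
    param([Parameter(Mandatory)][string]$Name)

    # wsl.exe writes its listing as UTF-16LE. When PowerShell decodes that
    # with the console code page, every character is followed by a NUL, so
    # a plain string comparison against "WIN-FOR" never matches.
    $raw = & wsl.exe --list --quiet 2>$null

    # Strip the NULs and surrounding whitespace, drop empty lines.
    # This is sufficient for ASCII distro names such as WIN-FOR.
    $names = @(
        $raw |
            ForEach-Object { ($_ -replace "`0", '').Trim() } |
            Where-Object { $_ }
    )

    # -contains matches the whole name (case-insensitively), so a distro
    # called "WIN-FOR-OLD" does not count as "WIN-FOR".
    return $names -contains $Name
}

function Import-WslDistroIfMissing {
    param(
        [string]$Name        = 'WIN-FOR',
        [string]$InstallPath = 'C:\tools\wsl\',
        [string]$Tarball     = 'C:\salt\tempdownload\WIN-FOR-20.04.tar'
    )

    if (Test-WslDistroExists -Name $Name) {
        Write-Host "[+] $Name is already registered; skipping import."
        return $false
    }

    & wsl.exe --import $Name $InstallPath $Tarball
    if ($LASTEXITCODE -ne 0) {
        throw "wsl --import $Name failed with exit code $LASTEXITCODE"
    }
    return $true
}

# Returns $true if the distro was imported, $false if it was already there.
Import-WslDistroIfMissing
```

Because an existing distro is reported as a skip rather than a failure, the dependent steps (cast, SIFT, REMnux) can still run on a second pass of the installer.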

Jonesckevin commented 8 months ago

Sounds good.

I ran the installer multiple times, because it doesn't seem to always work on the first shot for me. Very hit or miss on the platform I use at the time.

After it failed, I manually installed the Terminal through the Microsoft store. Once I was able to open the Terminal, the WIN-FOR environment did already exist. But since it wasn't able to open, it never installed anything afterwards due to that. So I just manually did the sift and remnux part.