teamdfir / sift


[CLI] Installation Completed with Failures #226

Closed hackdefendr closed 6 years ago

hackdefendr commented 6 years ago

I started with vanilla Ubuntu Server 16.04.

The installation ends with:

Completed with Failures -- Success: 517, Failure: 12

How can I find out which 12 failed? Is there a log of the installation beyond STDOUT?

hackdefendr commented 6 years ago

So apparently the Ubuntu desktop is required. After installing that I now have this:

Completed with Failures -- Success: 525, Failure: 4

I did find where things are logged, but I do not know what to search for... I am going to try a few things. If someone can help before I get it right... please chime in.

Thanks,

ekristen commented 6 years ago

@hackdefendr basically looking for result: false in the install log. You can post it here or you can review it.

The CLI uses saltstack and we do not roll back in the face of an error, so there were 525 successes and that won't change, that means that for all intents and purposes SIFT is installed.

I've opened https://github.com/sans-dfir/sift/issues/230 as an issue for me to track to get better support into the CLI tool to show errors.
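The search ekristen describes above (finding `result: false` entries in the install log), as an added example that is not part of the thread or of the SIFT CLI. It assumes the log holds Salt state results in YAML form, each keyed by Salt's `module_|-id_|-name_|-function` tag; the state IDs, paths and comments in the sample are constructed.

```python
import re

# Constructed sample shaped like Salt's YAML state output; IDs and comments are made up.
SAMPLE_LOG = """\
local:
  pkg_|-sift-package-foremost_|-foremost_|-installed:
    __id__: sift-package-foremost
    comment: All specified packages are already installed
    result: true
  file_|-sift-config-background_|-/usr/share/backgrounds/example.png_|-managed:
    __id__: sift-config-background
    comment: Parent directory not present
    result: false
  cmd_|-sift-config-gsettings_|-gsettings set example_|-run:
    __id__: sift-config-gsettings
    changes:
      retcode: 1
    comment: 'Command "gsettings set example" run'
    result: False
"""

FIELD = re.compile(r"^(\s+)([A-Za-z_]+):\s*(.*)$")

def parse_states(text):
    """Return one dict per state block, split from its module_|-id_|-name_|-function tag."""
    states, current = [], None
    for line in text.splitlines():
        s = line.strip()
        parts = s[:-1].strip("'\"").split("_|-") if s.endswith(":") else []
        if len(parts) == 4 and re.fullmatch(r"\w+", parts[0]):
            current = dict(zip(("module", "id", "name", "function"), parts), fields={}, indent=None)
            states.append(current)
            continue
        m = FIELD.match(line)
        if current is None or not m:
            continue
        if current["indent"] is None:
            current["indent"] = len(m.group(1))  # indentation of this state's own fields
        if len(m.group(1)) == current["indent"]:  # skip keys nested under "changes"
            current["fields"][m.group(2)] = m.group(3).strip("'\"")
    return states

def failed_states(text):
    """States whose result is false in any letter case; true and null are not failures."""
    return [s for s in parse_states(text) if s["fields"].get("result", "").lower() == "false"]

if __name__ == "__main__":
    for s in failed_states(SAMPLE_LOG):
        print(f'{s["id"]} ({s["module"]}.{s["function"]}): {s["fields"].get("comment", "")}')
```

The parser reads only the first line of each field, so a multi-line YAML `comment` is truncated to its opening line.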

milshtyn commented 6 years ago

I had the same issue when running installation on Ubuntu Server 16.04 in AWS as @hackdefendr with the exact same number of failures. I've pulled the logs with the failures (attached here). SIFTInstallFailures.txt Note: One failure is missing I think. Didn't have time to figure out which one I missed.

The important thing here is that after install, running sift upgrade, I get an error saying that SIFT is not installed.

ekristen commented 6 years ago

Only Ubuntu desktop is supported with full install as full install includes GUI tweaks, PDFs and more.

Erik


milshtyn commented 6 years ago

Thanks, Erik. What's interesting is that SANS published a whitepaper on Digital Forensic Analysis of Amazon Linux EC2 Instances, which describes steps to install SIFT on an Ubuntu AMI suggesting to do it on an Ubuntu Server. Weird.

Link to paper: https://www.sans.org/reading-room/whitepapers/cloud/digital-forensic-analysis-amazon-linux-ec2-instances-38235

Thanks, Ilya


ekristen commented 6 years ago

There’s nothing stopping you from using AWS, but you have to use 16.04 not 17.01 and realize that certain things won’t be successful on a server version.

I’m working on figuring out how to detect install targets a bit better and make it more clear.

Erik


MMULLINIX1 commented 6 years ago

Thank you, Erik. I will keep an eye out for that as I am starting to work on the same thing. I would also like to use this in a teaching environment.

Michelle


MMULLINIX1 commented 6 years ago

The SIFT on AWS that is. :)


milshtyn commented 6 years ago

Michelle, despite the failures, I was still able to get some of my forensics activities done using the "partial" install. Seems most of the tools were working (e.g. log2timeline.py, fls, mactime, foremost).

stale[bot] commented 6 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.