teamdfir / sift

SIFT
MIT License

[CLI] saltstack installation fails. #274

Closed sansstudent closed 6 years ago

sansstudent commented 6 years ago

Hello, thanks for all your passion for this project. I would like to use your software, but unfortunately I was not able to install your software using different ways. I'm using VirtualBox to run the SIFT workstation.

My environment: brand new Ubuntu 16.04 LTS desktop with Unity

Linux siftworkstation 4.13.0-43-generic #48~16.04.1-Ubuntu SMP Thu May 17 12:56:46 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID: Ubuntu
Description: Ubuntu 16.04.4 LTS
Release: 16.04
Codename: xenial

Installed from scratch, complete English, timezone UTC. No additional packages installed. Updates via apt-get updates, apt-get upgrades, apt-get dist-upgrade, rebooted.

First try, using the recommended way via CLI, with no success.

Second try, again with a brand new Ubuntu, installed as above, using the SaltStack way described here: https://github.com/sans-dfir/sift-saltstack

Ubuntu 16.04 Machine
Install Saltstack (see below)
Import the PGP Key - gpg --keyserver hkp://pgp.mit.edu:80 --recv-keys 22598A94
Download the latest signed releases files
Verify the latest signed release files with GPG
Extract the .tar.gz file to /tmp/salt (make sure this README.md is in the root of /tmp/salt)
sudo salt-call -l info --local --file-root=/tmp/salt state.apply sift.vm

--> result:

      ID: sift-config
Function: test.nop
  Result: False
 Comment: One or more requisite failed: sift.config.folders.config-folder-cases, sift.config.user.sift-config-user
 Changes:   

      ID: sift-version-file
Function: file.managed
    Name: /etc/sift-version
  Result: False
 Comment: One or more requisite failed: sift.config.sift-config, sift.python-packages.sift-python-packages, sift.packages.sift-packages
 Changes: 

Summary for local

Succeeded: 490 (changed=417) Failed: 49

Total states run: 539 Total run time: 2517.263 s

Packages which are not installed are at least:

      ID: lxml
Function: pip.installed
  Result: False
 Comment: One or more requisite failed: sift.packages.libxslt-dev.libxslt-dev
 Changes:   

      ID: ioc_writer
Function: pip.installed
  Result: False
 Comment: One or more requisite failed: sift.python-packages.lxml.lxml
 Changes:

      ID: python-volatility-community-plugins
Function: git.latest
    Name: https://github.com/sans-dfir/volatility-plugins-community.git
  Result: False
 Comment: One or more requisite failed: sift.python-packages.lxml.lxml, sift.python-packages.ioc_writer.ioc_writer
 Changes:   

      ID: sift-packages
Function: test.nop
  Result: False
 Comment: One or more requisite failed: sift.packages.python-volatility.python-volatility-community-plugins, sift.packages.libxslt-dev.libxslt-dev
 Changes:   


      ID: stix
Function: pip.installed
  Result: False
 Comment: One or more requisite failed: sift.python-packages.lxml.lxml
 Changes:   

      ID: stix-validator
Function: pip.installed
  Result: False
 Comment: One or more requisite failed: sift.python-packages.stix.stix
 Changes:   


      ID: sift-python-packages
Function: test.nop
  Result: False
 Comment: One or more requisite failed: sift.python-packages.lxml.lxml, sift.python-packages.stix-validator.stix-validator, sift.python-packages.stix.stix, sift.python-packages.ioc_writer.ioc_writer
 Changes:   


      ID: sift-user-sansforensics
Function: user.present
    Name: sansforensics
  Result: False
 Comment: Default group with name "sansforensics" is not present
 Started: 17:46:07.810188
Duration: 1.632 ms
 Changes:   

      ID: sift-config-user-bash-aliases
Function: file.managed
    Name: /home/sansforensics/.bash_aliases
  Result: False
 Comment: One or more requisite failed: sift.config.user.user.sift-user-sansforensics
 Changes:   

      ID: sift-config-user-bash-aliases-user
Function: file.append
    Name: /home/sansforensics/.bash_aliases
  Result: False
 Comment: One or more requisite failed: sift.config.user.bash-aliases.sift-config-user-bash-aliases
 Changes:   


      ID: rc-noclobber
Function: file.append
    Name: /home/sansforensics/.bashrc
  Result: False
 Comment: One or more requisite failed: sift.config.user.user.sift-user-sansforensics
 Changes:   

      ID: rekall-path
Function: file.append
    Name: /home/sansforensics/.bashrc
  Result: False
 Comment: One or more requisite failed: sift.config.user.user.sift-user-sansforensics
 Changes:   

      ID: sift-config-user-prompt-command
Function: file.append
    Name: /home/sansforensics/.bashrc
  Result: False
 Comment: One or more requisite failed: sift.config.user.user.sift-user-sansforensics
 Changes:   

      ID: sift-config-user-prompt
Function: file.append
    Name: /home/sansforensics/.bashrc
  Result: False
 Comment: One or more requisite failed: sift.config.user.bash-rc.sift-config-user-prompt-command, sift.config.user.user.sift-user-sansforensics
 Changes:   

      ID: rc-root-noclobber
Function: file.append
    Name: /root/.bashrc
  Result: False
 Comment: One or more requisite failed: sift.config.user.bash-rc.rekall-path
 Changes:  

      ID: folders-config-autostart
Function: file.directory
    Name: /home/sansforensics/.config/autostart
  Result: False
 Comment: One or more requisite failed: sift.config.user.user.sift-user-sansforensics
 Changes:   

      ID: sift-pdf-poster-network-forensics
Function: file.managed
    Name: /home/sansforensics/Desktop/Network-Forensics-Poster.pdf
  Result: False
 Comment: One or more requisite failed: sift.config.user.user.sift-user-sansforensics
 Changes:   

      ID: sift-pdf-poster-dfir-threat-intel
Function: file.managed
    Name: /home/sansforensics/Desktop/DFIR-Threat-Intel-Poster.pdf
  Result: False
 Comment: One or more requisite failed: sift.config.user.user.sift-user-sansforensics
 Changes:   

      ID: sift-pdf-poster-sift-remnux
Function: file.managed
    Name: /home/sansforensics/Desktop/SIFT-REMnux-Poster.pdf
  Result: False
 Comment: One or more requisite failed: sift.config.user.user.sift-user-sansforensics
 Changes:   

      ID: sift-pdf-poster-memory-foreniscs
Function: file.managed
    Name: /home/sansforensics/Desktop/Memory-Forensics-Poster.pdf
  Result: False
 Comment: One or more requisite failed: sift.config.user.user.sift-user-sansforensics
 Changes:   

      ID: sift-pdf-poster-cheatsheet-rekall
Function: file.managed
    Name: /home/sansforensics/Desktop/Rekall-Cheatsheet.pdf
  Result: False
 Comment: One or more requisite failed: sift.config.user.user.sift-user-sansforensics
 Changes:   

      ID: sift-pdf-poster-dfir-smartphone
Function: file.managed
    Name: /home/sansforensics/Desktop/DFIR-Smartphone-Forensics-Poster.pdf
  Result: False
 Comment: One or more requisite failed: sift.config.user.user.sift-user-sansforensics
 Changes:   

      ID: sift-pdf-poster-windows-forensics
Function: file.managed
    Name: /home/sansforensics/Desktop/Windows-Forensics-Poster.pdf
  Result: False
 Comment: One or more requisite failed: sift.config.user.user.sift-user-sansforensics
 Changes:   

      ID: sift-pdf-poster-find-evil
Function: file.managed
    Name: /home/sansforensics/Desktop/Find-Evil.pdf
  Result: False
 Comment: One or more requisite failed: sift.config.user.user.sift-user-sansforensics
 Changes:   

      ID: sift-pdf-cheatsheet-sift
Function: file.managed
    Name: /home/sansforensics/Desktop/SIFT-Cheatsheet.pdf
  Result: False
 Comment: One or more requisite failed: sift.config.user.user.sift-user-sansforensics
 Changes:   

      ID: sift-pdf-guide-linux-shell-survival
Function: file.managed
    Name: /home/sansforensics/Desktop/Linux-Shell-Survival-Guide.pdf
  Result: False
 Comment: One or more requisite failed: sift.config.user.user.sift-user-sansforensics
 Changes:   

      ID: sift-pdf-cheatsheet-windows-to-unix
Function: file.managed
    Name: /home/sansforensics/Desktop/Windows-to-Unix-Cheatsheet.pdf
  Result: False
 Comment: One or more requisite failed: sift.config.user.user.sift-user-sansforensics
 Changes:   

      ID: sift-pdf-cheatsheet-volatility
Function: file.managed
    Name: /home/sansforensics/Desktop/Volatility-Cheatsheet.pdf
  Result: False
 Comment: One or more requisite failed: sift.config.user.user.sift-user-sansforensics
 Changes:   

      ID: sift-pdf-cheatsheet-hexfile-regex
Function: file.managed
    Name: /home/sansforensics/Desktop/Hex-File-Regex-Cheatsheet.pdf
  Result: False
 Comment: One or more requisite failed: sift.config.user.user.sift-user-sansforensics
 Changes:   

      ID: sift-config-user-rekall-rc
Function: file.managed
    Name: /home/sansforensics/.rekallrc
  Result: False
 Comment: One or more requisite failed: sift.config.user.user.sift-user-sansforensics
 Changes:   

      ID: symlinks-user-desktop-directory
Function: file.directory
    Name: /home/sansforensics/Desktop
  Result: False
 Comment: One or more requisite failed: sift.config.user.user.sift-user-sansforensics
 Changes:   

      ID: symlinks-mount-points
Function: file.symlink
    Name: /home/sansforensics/Desktop/mount_points
  Result: False
 Comment: One or more requisite failed: sift.config.user.user.sift-user-sansforensics, sift.config.user.symlinks.symlinks-user-desktop-directory
 Changes:   

      ID: symlinks-cases
Function: file.symlink
    Name: /home/sansforensics/Desktop/cases
  Result: False
 Comment: One or more requisite failed: sift.config.user.user.sift-user-sansforensics, sift.config.user.symlinks.symlinks-user-desktop-directory
 Changes: 

      ID: sift-config-theme-gtk
Function: cmd.run
    Name: gsettings set org.gnome.desktop.interface gtk-theme Arc
  Result: False
 Comment: Desired working directory "/home/sansforensics" is not available
 Started: 17:46:32.628113
Duration: 3.333 ms
 Changes:   

      ID: sift-config-theme-icon
Function: cmd.run
    Name: gsettings set org.gnome.desktop.interface icon-theme Arc-Icons
  Result: False
 Comment: Desired working directory "/home/sansforensics" is not available
 Started: 17:46:32.634708
Duration: 0.997 ms
 Changes:   

      ID: sift-config-theme-set-background
Function: file.managed
    Name: /usr/share/backgrounds/warty-final-ubuntu.png
  Result: False
 Comment: One or more requisite failed: sift.config.user.user.sift-user-sansforensics
 Changes: 

      ID: sift-config-theme-set-unity-logo
Function: file.managed
    Name: /usr/share/unity-greeter/logo.png
  Result: False
 Comment: One or more requisite failed: sift.config.user.user.sift-user-sansforensics
 Changes:

      ID: sift-config-theme-manage-gnome-terminal
Function: file.managed
    Name: /home/sansforensics/.config/autostart/gnome-terminal.desktop
  Result: False
 Comment: One or more requisite failed: sift.config.user.user.sift-user-sansforensics
 Changes:   

      ID: sift-config-unity-launcher-user
Function: cmd.run
    Name: gsettings set com.canonical.Unity.Launcher launcher-position Bottom
  Result: False
 Comment: User 'sansforensics' is not available
 Started: 17:46:32.671729
Duration: 7.848 ms
 Changes:   

      ID: sift-config-unity-disable-scopes
Function: cmd.run
    Name: gsettings set com.canonical.Unity.Lenses disabled-scopes "['more_suggestions-amazon.scope', 'more_suggestions-u1ms.scope', 'more_suggestions-populartracks.scope', 'music-musicstore.scope', 'more_suggestions-ebay.scope', 'more_suggestions-ubuntushop.scope', 'more_suggestions-skimlinks.scope']"
  Result: False
 Comment: User 'sansforensics' is not available
 Started: 17:46:32.679834
Duration: 1.352 ms
 Changes:   

      ID: sift-config-unity-favorites
Function: cmd.run
    Name: gsettings set com.canonical.Unity.Launcher favorites "['application://gnome-terminal.desktop', 'application://firefox.desktop', 'application://org.gnome.Nautilus.desktop', 'application://unity-control-center.desktop', 'unity://running-apps', 'unity://expo-icon', 'unity://devices']"
  Result: False
 Comment: User 'sansforensics' is not available
 Started: 17:46:32.681439
Duration: 1.512 ms
 Changes:   

      ID: sift-config-unity-icon-size
Function: cmd.run
    Name: dconf write /org/compiz/profiles/unity/plugins/unityshell/icon-size 32
  Result: False
 Comment: User 'sansforensics' is not available
 Started: 17:46:32.683206
Duration: 1.686 ms
 Changes:   

      ID: sift-config-unity-minimize-window
Function: cmd.run
    Name: dconf write /org/compiz/profiles/unity/plugins/unityshell/launcher-minimize-window true
  Result: False
 Comment: User 'sansforensics' is not available
 Started: 17:46:32.685147
Duration: 1.648 ms
 Changes:   

      ID: sift-config-user
Function: test.nop
  Result: False
 Comment: One or more requisite failed: sift.config.user.folders.folders-config-autostart, sift.config.user.pdfs.sift-pdf-poster-find-evil, sift.config.user.theme.sift-config-theme-manage-gnome-terminal, sift.config.user.pdfs.sift-pdf-guide-linux-shell-survival, sift.config.user.user.sift-user-sansforensics, sift.config.user.symlinks.symlinks-cases, sift.config.user.bash-aliases.sift-config-user-bash-aliases, sift.config.user.bash-rc.rekall-path, sift.config.user.rekall.sift-config-user-rekall-rc, sift.config.user.symlinks.symlinks-mount-points, sift.config.user.symlinks.symlinks-user-desktop-directory, sift.config.user.terminal.sift-config-terminal-profiles-install, sift.config.user.pdfs.sift-pdf-poster-dfir-smartphone, sift.config.user.theme.sift-config-theme-set-unity-logo, sift.config.user.theme.sift-config-theme-gtk, sift.config.user.unity.sift-config-unity-minimize-window, sift.config.user.pdfs.sift-pdf-poster-sift-remnux, sift.config.user.bash-rc.rc-noclobber, sift.config.user.unity.sift-config-unity-favorites, sift.config.user.pdfs.sift-pdf-cheatsheet-sift, sift.config.user.theme.sift-config-theme-set-background, sift.config.user.bash-rc.sift-config-user-prompt, sift.config.user.unity.sift-config-unity-launcher-user, sift.config.user.bash-rc.sift-config-user-prompt-command, sift.config.user.pdfs.sift-pdf-poster-dfir-threat-intel, sift.config.user.theme.sift-config-theme-icon, sift.config.user.unity.sift-config-unity-icon-size, sift.config.user.pdfs.sift-pdf-cheatsheet-volatility, sift.config.user.bash-rc.rc-root-noclobber, sift.config.user.bash-aliases.sift-config-user-bash-aliases-user, sift.config.user.unity.sift-config-unity-disable-scopes, sift.config.user.pdfs.sift-pdf-poster-windows-forensics, sift.config.user.pdfs.sift-pdf-poster-cheatsheet-rekall, sift.config.user.pdfs.sift-pdf-poster-network-forensics, sift.config.user.pdfs.sift-pdf-cheatsheet-windows-to-unix, sift.config.user.pdfs.sift-pdf-poster-memory-foreniscs, 
sift.config.user.pdfs.sift-pdf-cheatsheet-hexfile-regex
 Changes: 

      ID: config-folder-cases
Function: file.directory
    Name: /cases
  Result: False
 Comment: One or more requisite failed: sift.config.user.user.sift-user-sansforensics
 Changes: 

      ID: sift-config
Function: test.nop
  Result: False
 Comment: One or more requisite failed: sift.config.folders.config-folder-cases, sift.config.user.sift-config-user
 Changes:   

      ID: sift-version-file
Function: file.managed
    Name: /etc/sift-version
  Result: False
 Comment: One or more requisite failed: sift.config.sift-config, sift.python-packages.sift-python-packages, sift.packages.sift-packages
 Changes:  

I have no idea if salt-installing-version writes everything to a logfile. If I need to provide it, please let me know where it is located. Thanks in advance.

John
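Added example (not part of the original issue and not the SIFT project's code): most of the failed states pasted above are cascades ("One or more requisite failed"), so this triage script separates states that report their own error from cascades, and lists blamed requisites whose own block is missing from the paste. It assumes the text layout shown above and that a state's ID is the last dot-separated part of the requisite path; `parse_states`, `triage` and `SAMPLE` are names made up for this example.

```python
import re

REQ_PREFIX = "One or more requisite failed:"
FIELD = re.compile(r"^\s*(ID|Function|Name|Result|Comment|Started|Duration|Changes):\s*(.*)$")

def parse_states(text):
    """Split salt-call text output into one dict per state block."""
    states, cur, last = [], None, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last = m.group(1)
            if last == "ID":
                states.append(cur := {})
            if cur is not None:
                cur[last] = m.group(2).strip()
        elif cur is not None and last == "Comment" and line.strip():
            cur["Comment"] += " " + line.strip()  # comment wrapped onto a new line
    return states

def triage(text):
    """Return (roots, unseen): own-error failures, and blamed requisites absent from the paste."""
    failed = {s["ID"]: s for s in parse_states(text) if s.get("Result") == "False"}
    roots, unseen = {}, {}
    for sid, state in failed.items():
        comment = state.get("Comment", "")
        if not comment.startswith(REQ_PREFIX):
            roots[sid] = comment  # this state failed on its own, not via a requisite
            continue
        for req in comment[len(REQ_PREFIX):].split(","):
            # Assumption: the state ID is the last dot-separated part of the path.
            rid = req.strip().rsplit(".", 1)[-1]
            if rid and rid not in failed:
                unseen.setdefault(rid, []).append(sid)
    return roots, unseen

# Constructed sample: a few blocks shaped like the output in this issue.
SAMPLE = """\
      ID: lxml
  Result: False
 Comment: One or more requisite failed: sift.packages.libxslt-dev.libxslt-dev
      ID: sift-user-sansforensics
  Result: False
 Comment: Default group with name "sansforensics" is not present
 Started: 17:46:07.810188
      ID: symlinks-cases
  Result: False
 Comment: One or more requisite failed: sift.config.user.user.sift-user-sansforensics,
sift.config.user.symlinks.symlinks-user-desktop-directory
"""
```

Calling `triage()` on the full `salt-call` output gives the short list of states to fix first, plus the IDs whose own error block still has to be located in the run.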

ekristen commented 6 years ago

Closing because you have another issue opened for this.