[CLI] Unable to install Sift on ubuntu 14.04.Sift & Remnux in one machine as Remnux support only 14.04

[saishandilya]

Hi,

1)I want to installing Sift and Remnux in an EC2 Instance(Ubuntu),but Remnux is only supported by Ubuntu 14.04.so I tried installing Sift on 14.04 using sift-cli from sift-cli repo.Then I faced an issue:

sift-cli@1.7.1-master.f1177e4 sift-version: notinstalled

Installing and configuring SaltStack properly ...

Command failed: apt-get install -y --allow-change-held-packages salt-minion E: Command line option --allow-change-held-packages is not understood

Error: Command failed: apt-get install -y --allow-change-held-packages salt-minion E: Command line option --allow-change-held-packages is not understood

at ChildProcess.exithandler (child_process.js:205:12)
at emitTwo (events.js:106:13)
at ChildProcess.emit (events.js:194:7)
at maybeClose (internal/child_process.js:899:16)
at Process.ChildProcess._handle.onexit (internal/child_process.js:226:5)

2)Instead I tried using sift-saltstack type installation using sift-saltstack repo,I have changed the sift-saltstack ubuntu installation from 16.04 to 14.04 base,using this it resulted as below:

Commands: wget -O - https://repo.saltstack.com/apt/ubuntu/14.04/amd64/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add -

echo "deb http://repo.saltstack.com/apt/ubuntu/14.04/amd64/latest trusty main" | sudo tee /etc/apt/sources.list.d/saltstack.list

sudo apt-get update

sudo apt-get install salt-minion

and after few steps,finally:

sudo salt-call -l info --local --file-root=/tmp/salt state.apply sift.pkgs

Result: [INFO ] Loading fresh modules for state activity local: Data failed to compile:

No matching sls found for 'sift.pkgs' in env 'base'

3)Finally,I launched a new EC2 Instance(Ubuntu 14.04) and tried installing sift using the below mentioned command:

wget --quiet -O - https://raw.githubusercontent.com/sans-dfir/sift-bootstrap/legacy/bootstrap.sh | sudo bash -s -- -i -s -y Result: There were multiple failure package installations:

• ERROR: Install Failure: autopsy (Error Code: 100)
  • ERROR: Install Failure: libbde (Error Code: 100)
• ERROR: Install Failure: libbde-tools (Error Code: 100)
• ERROR: Install Failure: libesedb (Error Code: 100)
• ERROR: Install Failure: libesedb-tools (Error Code: 100)
• ERROR: Install Failure: libevt (Error Code: 100)
• ERROR: Install Failure: libevt-tools (Error Code: 100)
• ERROR: Install Failure: libevtx (Error Code: 100)
• ERROR: Install Failure: libevtx-tools (Error Code: 100)
• ERROR: Install Failure: libewf (Error Code: 100)
• INFO: Installed Package: libewf-dev
• ERROR: Install Failure: libewf-python (Error Code: 100)
• ERROR: Install Failure: libewf-tools (Error Code: 100)
• ERROR: Install Failure: libmsiecf (Error Code: 100)
• INFO: Installed Package: libnet1
• ERROR: Install Failure: libolecf (Error Code: 100)
• INFO: Installed Package: libparse-win32registry-perl
• INFO: Installed Package: libpff
  • INFO: Installed Package: libpff-tools
• ERROR: Install Failure: libregf (Error Code: 100)
• ERROR: Install Failure: libregf-dev (Error Code: 100)
• ERROR: Install Failure: libregf-python (Error Code: 100)
• ERROR: Install Failure: libregf-tools (Error Code: 100)
• INFO: Installed Package: libssl-dev
• INFO: Installed Package: libtext-csv-perl
• ERROR: Install Failure: libvshadow (Error Code: 100)
• ERROR: Install Failure: libvshadow-dev (Error Code: 100)
• ERROR: Install Failure: libvshadow-python (Error Code: 100)
• ERROR: Install Failure: libvshadow-tools (Error Code: 100)
• INFO: Installed Package: libxml2-dev
  • ERROR: Install Failure: python-dfvfs (Error Code: 100)
• ERROR: Install Failure: python-ntdsxtract (Error Code: 100)
  • ERROR: Install Failure: python-plaso (Error Code: 100)
  • ERROR: Install Failure: pytsk3 (Error Code: 100)
• ERROR: Install Failure: regripper (Error Code: 100)
• ERROR: Install Failure: sleuthkit (Error Code: 100)
• ERROR: Install Failure: wine (Error Code: 100)
• ERROR: Install Failure: xmount (Error Code: 100)
  • INFO: SIFT VM: Setting noclobber for ubuntu
• INFO: SIFT VM: Configuring Aliases for ubuntu and root
• INFO: SIFT VM: Sanity check for Desktop folder sudo: unable to resolve host siftworkstation
• INFO: SIFT VM: Setting up useful links on ubuntu Desktop sudo: unable to resolve host siftworkstation sudo: unable to resolve host siftworkstation
• INFO: SIFT VM: Cleaning up broken symlinks on ubuntu Desktop
• INFO: SIFT VM: Adding all SIFT Resources to ubuntu Desktop sudo: unable to resolve host siftworkstation sudo: unable to resolve host siftworkstation sudo: unable to resolve host siftworkstation cp: cannot stat ‘/usr/share/sift/other/gnome-terminal.desktop’: No such file ordirectory sudo: unable to resolve host siftworkstation cp: cannot stat ‘/usr/share/unity-greeter/logo.png’: No such file or directory sudo: unable to resolve host siftworkstation cp: cannot stat ‘/usr/share/sift/images/login_logo.png’: No such file or directory cp: cannot stat ‘/usr/share/sift/images/forensics_blue.jpg’: No such file or directory

Note: Can you help in solving this issue.I am facing too many failure in the installing SIFT in Ubuntu 14.04 which further helps in installing REMNUX. Another quick question is, can these both be installed in a same EC2 Instance?

Thanks, Sai Shandilya

[joachimmetz]

Plaso no longer supports Trusty (14.04) http://blog.kiddaland.net/2018/12/plaso-20181219-released.html and binaries for Trusty are no longer provided http://blog.kiddaland.net/2019/02/plaso-20190131-released.html.

[saishandilya]

One more quick question,@joachimmetz Will there be continuing support for SIFT 14.04??

[joachimmetz]

@saishandilya I'm not the maintainer of SIFT,

If "SIFT 14.04" is Ubuntu 14.04 with additional packages?

Then from a log2timeline/plaso perspective we no longer support it (also see https://wiki.ubuntu.com/Releases)

The main reason for this it that is it too costly (time wise) for us to keep it up to date. If there are people out there that wish to dedicate time to maintain (keep up to date) trusty builds feel free to drop me an email.

[saishandilya]

hi @ekristen

I launched an Ubuntu 14.04 EC2 instance and tried installing sift and remnux in the machine. I have a couple of questions on the installation process.

1. Whether sift and remnux can be installed on the same machine?
2. If #1 is possible then remnux supports only 14.04 version of sift but I found some packages failed to install.Will there be continuing support for SIFT 14.04??

Thanks, SaiShandilya

[ekristen]

Sift doesn’t support 14.04 anymore either.

Sent from my iPhone

On Feb 12, 2019, at 04:58, saishandilya notifications@github.com wrote:

hi @ekristen

I launched an Ubuntu 14.04 EC2 instance and tried installing sift and remnux in the machine. I have a couple of questions on the installation process.

Whether sift and remnux can be installed on the same machine? If #1 is possible then remnux supports only 14.04 version of sift but I found some packages failed to install.Will there be continuing support for SIFT 14.04?? Thanks, SaiShandilya

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.