Closed davidep closed 4 years ago
ekristen
commented
4 years ago @davidep thanks for the report. I can take a look into this later. However we are simply installing pip module that volatility publishes. It's possible that the install somehow was run by python3 vs python2 on your system, or we need to make a change to force python2 to be used.
davidep
commented
4 years ago You are right @ekristen
I now tried to install sift 1.8.5 with the latest saltstack on a clean Ubuntu 18.04 and the vol.py was installed correctly pointing to #!/usr/bin/python (python 2.7)
Wondering if the issue could have been caused by some of the older SIFT updates... I recall there was lot of playing around python2 and python3 some month ago.
ekristen
commented
4 years ago It is possible. This whole py2 to py3 is a mess.
davidep
commented
4 years ago It is possible. This whole py2 to py3 is a mess.
indeed :)
wondering if Ubuntu 20.04 and Volatility3 support is progressing well... happy to help there if needed.
stale[bot]
commented
4 years ago This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
On Ubuntu 18.04 I found that with the latest saltstack (2020.2.1) and sift cli (1.8.5)
the script to run volatility: /usr/local/bin/vol.py was pointing to /usr/bin/python3 instead of python2.7
The issue was verified on a vanilla Ubuntu 18.04
Below the error I was getting after executing vol.py
I fixed the issue by changing the static reference back to python2 in the first line of vol.py , but I hope it can be fixed on the next saltstack to make sure other programs are not affected by the same nor the "patch" needs to be re-applied after the next sift upgrades/updates.