teamdfir / sift

SIFT
MIT License

Plaso erroring out #494

Closed Darth-Leshioius closed 3 years ago

Darth-Leshioius commented 3 years ago

Plaso is erroring out when I attempt to use it on Ubuntu 18.04 LTS. I just ran a full 'sift update' prior to attempting to use Plaso.

```
2020-10-16 17:39:21,150 [INFO] (MainProcess) PID:20007 Determined data location: /usr/share/plaso
2020-10-16 17:39:21,162 [INFO] (MainProcess) PID:20007 Determined artifact definitions path: /usr/share/artifacts
Checking availability and versions of dependencies.
[FAILURE] redis version: 3.3.11 is too old, 3.4 or later required.
```

ekristen commented 3 years ago

This was recently discovered and resolved in the build system.

You can attempt to upgrade to the latest version of SIFT by using the SIFT CLI via `sift upgrade --pre-release`; this will download and run v2020.10.2-rc1.

https://github.com/teamdfir/sift-saltstack/releases/tag/v2020.10.2-rc1

digitalsleuth commented 3 years ago

@ekristen Pull request #40 fixes this, but wasn't merged prior to the most recent release.

digitalsleuth commented 3 years ago

@Darth-Leshioius This should be fixed for you now; try running the upgrade with the `--pre-release` option and let us know how it goes.

stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

Darth-Leshioius commented 3 years ago

I've run 'apt-get update' and 'apt-get remove', then I run the following, and I still get the same error:

```
$ sudo psteal.py --source /dev/sdb1 -o l2tcsv -w l2t_all.csv
2021-01-12 22:52:35,225 [INFO] (MainProcess) PID:53042 Determined data location: /usr/share/plaso
2021-01-12 22:52:35,507 [INFO] (MainProcess) PID:53042 Determined artifact definitions path: /usr/share/artifacts
Checking availability and versions of dependencies.
[FAILURE] redis version: 3.3.11 is too old, 3.4 or later required.
```

Please advise; this is a major component failing for those of us who use SIFT to perform forensics.

digitalsleuth commented 3 years ago

Hi @Darth-Leshioius, try running `sudo sift install --pre-release` or `sudo sift upgrade --pre-release` to get the latest version of the packages. Pull Request #40 fixed this issue. If you're still having this issue after this, you can remove your existing installation of redis and run `sudo apt install python3-redis` to fix it in the meantime, then upload your `saltstack.log` so we can determine the reason this is missing from your installation.

Cheers

ekristen commented 3 years ago

I just pushed a new release, 2021.1.0; no need for pre-release now.


Darth-Leshioius commented 3 years ago

I failed to mention yesterday that I'd also run 'sudo sift upgrade --pre-release' prior to posting. I ran 'sudo sift update' this morning, and also uninstalled, and reinstalled python3-redis. I'm still getting the same error as before about the redis version, even though the installed redis appears to be 3.5.3 from dpkg:

```
$ sudo dpkg -s python3-redis
Package: python3-redis
Status: install ok installed
Priority: extra
Section: python
Installed-Size: 308
Maintainer: Andy McCurdy sedrik@gmail.com
Architecture: all
Source: python-redis
Version: 3.5.3-1ppa1~bionic
Depends: python3:any (>= 3.5~)
Description: Python client for Redis key-value store
 The Python interface to the Redis key-value store
Homepage: http://github.com/andymccurdy/redis-py
```

saltstack.log

Please advise, and thank you for your assistance with troubleshooting this issue.

Darth-Leshioius commented 3 years ago

I figured out how to update the PIP3 redis, and now I'm able to successfully use Plaso. This may help others with a similar issue.

Thank you for your time and assistance with this issue.
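
The symptom in this thread (dpkg reporting python3-redis 3.5.3 while Plaso's dependency check still saw 3.3.11, resolved by updating the pip3 copy) is what you get when two copies of a module are installed and the older one sits earlier on Python's import path. The diagnostic below is an added example, not part of the original thread and not SIFT or Plaso code; the function names are hypothetical, the 3.4 minimum comes from the error message above, and it assumes each copy has a `.dist-info` or `.egg-info` entry beside it.

```python
import os
import re
import sys

# Metadata entries look like redis-3.3.11.dist-info or redis-3.5.3.egg-info.
_META = re.compile(
    r"^(?P<name>[A-Za-z0-9_.]+)-(?P<ver>\d[^-]*?)(?:-py[\d.]+)?\.(?:dist|egg)-info$")

def version_tuple(text):
    """'3.3.11' -> (3, 3, 11). Simplified: pre-release tags are ignored."""
    return tuple(int(part) for part in re.findall(r"\d+", text)[:3])

def find_copies(package, search_path=None):
    """Return [(directory, version)] for every copy, in import-precedence order."""
    copies = []
    for directory in (sys.path if search_path is None else search_path):
        if not os.path.isdir(directory):
            continue
        for entry in sorted(os.listdir(directory)):
            match = _META.match(entry)
            if match and match.group("name").lower() == package.lower():
                copies.append((directory, match.group("ver")))
    return copies

def diagnose(package, minimum, search_path=None):
    """Report the copy Python imports first and the copies it shadows."""
    copies = find_copies(package, search_path)
    if not copies:
        return {"status": "missing", "active": None, "shadowed": []}
    active, shadowed = copies[0], copies[1:]
    ok = version_tuple(active[1]) >= version_tuple(minimum)
    return {"status": "ok" if ok else "too_old",
            "active": active, "shadowed": shadowed}

if __name__ == "__main__":
    # Run with the same interpreter Plaso uses, e.g. python3 and under sudo
    # if that is how psteal.py is started (assumption: sys.path may differ).
    report = diagnose("redis", "3.4")  # 3.4 is the minimum from the error above
    print("status:", report["status"])
    if report["active"]:
        print("imported first: %s in %s" % (report["active"][1], report["active"][0]))
    for directory, version in report["shadowed"]:
        print("shadowed:       %s in %s" % (version, directory))
```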