teamdfir / sift


SIFT install on Windows errors out at Running: sift-config #508

Closed JackHumphries1994 closed 3 years ago

JackHumphries1994 commented 3 years ago

Hi,

I'm trying to install SIFT manually on a Windows box and get the following error message repeatedly. I've upgraded, updated apt as it states, as well as attempting to run sift update too, which gets the same error.

```
Running: sift-config-tools
Update returned exit code not zero
Error: Update returned exit code not zero
    at ChildProcess. (/snapshot/sift-cli/sift-cli.js:547:23)
    at ChildProcess.emit (events.js:315:20)
    at maybeClose (internal/child_process.js:1021:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:286:5)

----- PLEASE READ ----------------------

A lot of failures are caused by the apt system being locked or unhealthy.

Before opening an issue in GitHub, please check to see if your apt system is healthy.

Try running 'apt-get update' then remove any packages that aren't used by running 'apt-get autoremove'
```

I've looked through similar issues on here, but still can't work it out, so any help is much appreciated. I've attached my saltstack.log file and the CLI output below.

Thanks!

cli.txt saltstack.log

digitalsleuth commented 3 years ago

Hi @JackHumphries1994, there are a few issues listed in your saltstack.log; both of them appear unrelated. The first issue appears to be a problem with the installation of python2 in your Ubuntu Focal WSL instance. I'm not sure exactly what is causing that error, but I'll look into it.

The second error comes from the configuration of the desktop environment. Now, keep in mind that since you're installing SIFT in an Ubuntu 20.04 WSL environment, there is no standard means of displaying the desktop, yet you chose the installation method of desktop. Now, even though you selected desktop instead of server, this wouldn't normally be an issue in WSL, but the cause is likely that the .dbus folder in the currently running user's home directory (/home/sirforensics) does not have proper permissions assigned. This folder and all files recursively listed should have the ownership of sirforensics:sirforensics.

Changing the permissions should fix the 'gsettings' error, but so will installing SIFT using the --mode=server option, which also avoids using up space which you likely won't use anyways for the desktop environment.

The remaining errors come from states which modify services, changing the timezone for the environment to Etc/UTC for example. This shouldn't, and normally doesn't cause a problem or result in an 'actual' error, but re-running using --mode=server may resolve that.

Please attempt the install again using the server mode and get back to us to let us know if that works/resolves some issues. I'll keep you posted on the get-pip error. And the final errors are

ekristen commented 3 years ago

You beat me to it @digitalsleuth, had my response typed up and everything. Windows WSL required --mode=server ;-) Admittedly your response was much more detailed than mine.

digitalsleuth commented 3 years ago

You know what they say: great minds think alike :-) Finally had a chance to sit down at the computer today and do something other than work :+1: .

JackHumphries1994 commented 3 years ago

Thanks both @digitalsleuth @ekristen! I didn't even think of that to be honest! I've re-run the install in server mode and it still errors out. The logs definitely look to have a lot fewer errors in them, however the install didn't get as far. Whether this failure is due to the get-pip error, I'm unsure. I've attached the updated logs below.

Appreciate the fast response!

saltstack.log cli.txt

digitalsleuth commented 3 years ago

@JackHumphries1994 The only error found in your saltstack.log file appears to only be the python2 get-pip error. Mind you, even though it's only one error, it does impact many of the other tools in SIFT, including volatility (since python2-pip won't get installed).

All of the other non-python2 packages appear to have installed correctly. We'll keep you posted about the get-pip error, once we find the cause.

JackHumphries1994 commented 3 years ago

@digitalsleuth ok, thanks for looking into it. I’ll wait for your response.

digitalsleuth commented 3 years ago

Issue found. The get-pip script was recently changed to support only python3. However, bootstrap.pypa.io still has a 2.7/get-pip.py script which works. Testing is ongoing to ensure the toolkit builds properly with this change, then I'll submit a PR for the fix.

JackHumphries1994 commented 3 years ago

I was just about to comment the same answer. When looking into the get-pip.py script, there's a syntax error that fails.

I manually installed the 2.7/get-pip.py script and re-ran the installation and got a success!

COMPLETED SUCCESSFULLY -- Success: 546, Failure: 0
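
The three causes diagnosed in this thread (desktop mode under WSL, wrong ownership on the user's .dbus folder, and the python3-only get-pip script) can be checked before running the installer. The script below is an added example, not part of sift-cli or of any comment above; the function names are hypothetical, and detecting WSL by looking for "microsoft" in /proc/version is an assumption not stated in the thread.

```bash
#!/usr/bin/env bash
# Added example: pre-install checks for the causes diagnosed in this thread.
# Function names are hypothetical; this is not part of sift-cli.

# True when the kernel banner marks a WSL instance (assumption: WSL kernels
# carry "microsoft" in /proc/version). An alternate file can be passed in.
is_wsl() {
  grep -qi 'microsoft' "${1:-/proc/version}" 2>/dev/null
}

# Print every path under DIR that is not owned by USER:GROUP (names or
# numeric ids). Prints nothing when DIR is absent or ownership is correct.
dbus_bad_owner() {
  local dir="$1" user="$2" group="$3"
  [ -d "$dir" ] || return 0
  find "$dir" \( ! -user "$user" -o ! -group "$group" \) -print 2>/dev/null
}

# Bootstrap script path for an interpreter version, as named in the thread:
# the default get-pip.py is python3-only, 2.7/get-pip.py still serves python2.
get_pip_script() {
  case "$1" in
    2.7*) echo '2.7/get-pip.py' ;;
    3.*)  echo 'get-pip.py' ;;
    *)    echo 'unsupported' ;;
  esac
}

# Run all checks for the current user and print findings; always returns 0.
sift_preflight() {
  local home="${HOME:-/nonexistent}" bad
  if is_wsl; then
    echo 'WSL detected: install with --mode=server'
  fi
  bad=$(dbus_bad_owner "$home/.dbus" "$(id -u)" "$(id -g)") || true
  if [ -n "$bad" ]; then
    echo "Paths not owned by uid:gid $(id -u):$(id -g):"
    echo "$bad"
  fi
  echo "python2 pip bootstrap script: $(get_pip_script 2.7)"
  return 0
}

sift_preflight
```

Any path it lists under .dbus is a candidate for the ownership fix described in the thread.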