SIFT CLI not installing on Ubuntu 20.04.5

[0ax-christin]

sudo sift install on ubuntu after following the previous steps of the installation gives me a ton of errors. I was installing using sift cli rather than sift vm because for some reason it doesnt work for me (the vm boots up but doesnt let me log in with the username and password, it temporarily logs in, and everything looks weird and then logs back out, this loops) This was the error i am getting currently. There was another error before but it no longer shows

[digitalsleuth]

Hi @christinabrahamalex , the sift-cli is being deprecated in favor of Cast. Please install Cast and use the command: sudo cast install teamdfir/sift-saltstack

[ekristen]

While sift-cli is nearing end of life, it should still work, I'll take a look and see what's up, but I would recommend moving to cast nonetheless.

[digitalsleuth]

Looks like it might be the 'v' missing from the release.

[ekristen]

Yup, that's what it is .. let me see why that's happening.

[digitalsleuth]

Each of the pre-releases since the last full release, and this release, are all missing the v when they were uploaded. Since they were all tested with cast, there wasn't an issue, but the sift-cli is looking for the v.

[ekristen]

cast iterates the asset downloads, sift-cli is hard coded :(

[digitalsleuth]

Can you re-release the latest to include the v?

[ekristen]

@digitalsleuth maybe, I'll look into it this afternoon.

[aloibeth]

I'm also having this issue. Does cast support installing on WSL (i.e. –mode=server)?

[digitalsleuth]

@aloibeth Yes cast does support the installation of server mode, and shouldn't have any issues within a WSL environment. Your command would simply be: sudo cast install --mode=server teamdfir/sift-saltstack

[transcend3nt]

edit: answered my own question. salt can be installed with documentation here https://docs.saltproject.io/salt/install-guide/en/latest/

[digitalsleuth]

Hi @transcend3nt , since the cast binary is a debian package, you can download the one which matches your architecture (AMD/ARM etc).

Once you have it downloaded you can run either: sudo apt-get install -y <full path to the file> or sudo dpkg -i <full path to the file>

Then you can run the cast command: sudo cast install sift

In this context, sift is an alias for the SIFT repo teamdfir/sift-saltstack

Let us know how this works out for you!

[ekristen]

@transcend3nt wrong issue maybe? with cast it manages saltstack for you, so did sift-cli, but with cast it uses a single binary so it doesn't actually install salt-stack on the system.

I'll work on adding some additional installation instructions.

[transcend3nt]

Hi @transcend3nt , since the cast binary is a debian package, you can download the one which matches your architecture (AMD/ARM etc).

Once you have it downloaded you can run either: sudo apt-get install -y <full path to the file> or sudo dpkg -i <full path to the file>

Then you can run the cast command: sudo cast install sift

In this context, sift is an alias for the SIFT repo teamdfir/sift-saltstack

Let us know how this works out for you!

Thanks both for the quick reply and your hard work, this works well. For readers out there like me who skim through documentation and might miss out on details, the deb file can be found in the 'Release' right-hand side section of cast. I used dpkg to install. It works magically on Ubuntu 22.04 amd x64 on AWS EC2.

[0ax-christin]

Hi @christinabrahamalex , the sift-cli is being deprecated in favor of Cast. Please install Cast and use the command: sudo cast install teamdfir/sift-saltstack

Thanks alot you guys for the quick response and troubleshooting! I got it installed using cast shortly after posting. Works perfect

[forenzyx]

Hi @transcend3nt , since the cast binary is a debian package, you can download the one which matches your architecture (AMD/ARM etc).

Once you have it downloaded you can run either: sudo apt-get install -y <full path to the file> or sudo dpkg -i <full path to the file>

Then you can run the cast command: sudo cast install sift

In this context, sift is an alias for the SIFT repo teamdfir/sift-saltstack

Let us know how this works out for you!

And where exactly do I find the debian package for CAST?

[digitalsleuth]

Hi @forenzyx , you can find the Cast binary here.

[forenzyx]

Hi @digitalsleuth can you give me the EXACT syntax to install CAST on Ubuntu? I am just not getting it. Thanks

[digitalsleuth]

Hi @forenzyx , once you download the binary, you can run: sudo dpkg -i <binary_file>, where <binary_file> is the filename of the binary you downloaded.

[digitalsleuth]

Hi @forenzyx , did you manage to get this working?

[Devops-sudarshan]

Hi @digitalsleuth I am installing SIFT with the help of CAST. When I start installation using command "sudo cast install teamdfir/sift-saltstack" after 70 mins of installation it gives the message that " Low Disk Space "Filesystem root" (Screenshot Attached). And at the time of creating VM (Ubuntu 20.04) I had increased HDD space (Screenshot Attached).

[digitalsleuth]

Hi @Devops-sudarshan , can you identify how much disk space there is within the VM? It looks like your second screenshot might not be showing the actual VHDX, but rather a checkpoint, which is only a part of what data actually exists and space used by the VHDX.

[Devops-sudarshan]

Hi @digitalsleuth, I checked and it is showing Disk Capacity 64.4 GB. Also attached screenshot

[Devops-sudarshan]

Hi @digitalsleuth

[digitalsleuth]

Hi @Devops-sudarshan , you can use tools like parted or gparted to resize your partition to use all of the available free space, then try the install again. Unfortunately this isn't a SIFT or Cast issue, however once you resize your partition you should be good to go.

[Devops-sudarshan]

Hi @digitalsleuth Successfully installed SIFT with help of CAST. Thank You so much for your support...