ekristen / cast Goto Github PK

Getting this:

INFO[0311] state completed component=installer duration=3.031 state=/usr/local/etc/foremost.conf time_begin="18:38:00.205811" time_end="18:38:00.208843"
INFO[0311] state completed component=installer duration=1.852 state=sift-config-tools time_begin="18:38:00.212314" time_end="18:38:00.214165"
INFO[0311] state completed component=installer duration=1.152 state=sift-desktop-include time_begin="18:38:00.222513" time_end="18:38:00.223666"
INFO[0311] state completed component=installer duration=0.846 state=install-complete time_begin="18:38:00.225199" time_end="18:38:00.226044"
INFO[0312] log file location component=installer file=/var/cache/cast/installer/logs/saltstack.log
INFO[0312] results file location component=installer file=/var/cache/cast/installer/logs/results.yaml
WARN[0312] first failed state comment="One or more requisite failed: sift.config.user.sift-config-user" component=installer run_num=680 sls=sift.config
INFO[0312] statistics component=installer failed=3 success=673 total=676
INFO[0312] salt-call completed but had failed states component=installer
FATA[0312] salt-call completed but had failed states

am I missing something? this is WSL V2 Ubuntu 20.04

sudo install sift produced the below lines / errors:

[email protected]+0-g0582d2b
sift-version: notinstalled

mode: desktop
downloading v2023.02.06

downloading sift-saltstack-v2023.02.06.tar.gz.asc
downloading sift-saltstack-v2023.02.06.tar.gz.sha256
downloading sift-saltstack-v2023.02.06.tar.gz.sha256.asc
downloading sift-saltstack-v2023.02.06.tar.gz
validating file sift-saltstack-v2023.02.06.tar.gz

Hashes for sift-saltstack-v2023.02.06.tar.gz do not match. Expected: , Actual: 4076d01731899d27412d25ddeff3b21c4e66308cf802ff8f6e2f5f77414bbbeb /tmp/sift-saltstack-v2023.02.06.tar.gz

Error: Hashes for sift-saltstack-v2023.02.06.tar.gz do not match. Expected: , Actual: 4076d01731899d27412d25ddeff3b21c4e66308cf802ff8f6e2f5f77414bbbeb /tmp/sift-saltstack-v2023.02.06.tar.gz

at validateFile (/snapshot/sift-cli/sift-cli.js:411:11)
at runMicrotasks (<anonymous>)
at processTicksAndRejections (internal/process/task_queues.js:95:5)
at async downloadUpdate (/snapshot/sift-cli/sift-cli.js:478:3)
at async run (/snapshot/sift-cli/sift-cli.js:772:5)
at async main (/snapshot/sift-cli/sift-cli.js:795:5)

i am a newbie and learning. reading the comments, sift cli is deprecated or soon to be by Mar 2023. And I now am to use cast. I ran "sudo cast install --mode desktop teamdfir/sift-saltstack" Resulting to "cast command not found"
I downloaded cast-main.zip and unzipped it. what would be the next step(s) or command(s)? Any feedback is appreciated.

I am just trying to build my Windows Forensic Machine with WSL2 and try to install SIFT and REMnux on it. I need help about:

1. How does user know which SIFT/REMnux version installed when install it using cast?
2. Is there any way to update the SIFT/REMnux using cast?

Thank in advanced 🙂

INFO[2221] log file location component=installer file=/var/cache/cast/installer/logs/saltstack.log
INFO[2221] results file location component=installer file=/var/cache/cast/installer/logs/results.yaml
WARN[2221] first failed state comment="One or more requisite failed: sift.config.user.sift-config-user, sift.config.timezone.Etc/UTC" component=installer run_num=679 sls=sift.config
INFO[2221] statistics component=installer failed=5 success=670 total=675
INFO[2221] salt-call completed but had failed states component=installer
FATA[2221] salt-call completed but had failed states

When using cast to generate a .cast.yml file, the file is generated with tabs on lines 3 and 5 (comment lines)
If an end user simply deletes only the visible text on these lines and not the tabs, then uses the release option to generate a release, cast will fail with: FATA[0000] unable to load config: yaml: line 3: found character that cannot start any token. Additionally, if the end user opts to leave the commented lines in, the same issue will arise.

While this is a very minor issue, it does induce a potential future error. Replacing the tab with spaces will ensure this doesn't occur in the future, whether the end user thinks to replace the entire line or not.

Hi,

I´ve just installed Sift using cast and it was successful. However when I try to install remnux using (sudo cast install --mode=addon remnux/salt-states) I get many errors
Attached I include the log file generated during the install

saltstack.log

I'd appreciate your help.
thanks

Hi! I need your help, please. I am a student in the first module of DigitalForensicsInvestigation. I am trying to install the SIFT Workstation through WSL following the guide from the SANS website (https://www.sans.org/tools/sift-workstation/):

1. Install Windows Subsystem for Linux (WSL) according to Microsoft’s latest guidance, currently located at https://docs.microsoft.com/en-us/windows/wsl/install-win10. The SIFT distribution can be installed on either WSL version 1 or version2.
   Choose Ubuntu 22.04 during the WSL installation process.

2. Launch the Ubuntu Bash Shell and elevate to root (sudo su) to avoid permissions issues during the installation process.

3. Install the Latest Cast Binary from its release page

4. Run 'sudo cast install --mode=server teamdfir/sift-saltstack' to install the latest version of SIFT in WSL

5. Congrats -- you now have a SIFT Workstation in Windows!

After I did all the steps and installed cast v.0.14.0, the terminal notification was:
...INFO[0777] statistics component=installer failed=0 success=571 total=571
INFO[0777] salt-call completed successfully component=installer
b32opgh@DESKTOP-2C242CJ: /mnt/c/Users/White/Desktop/CASTSIFT/cast-0.14.10
$ cast --version
cast version v0.14.0..."

So the installation is successful. I have a question: now how to run the SIFT Workstation after that? Maybe it sounds foolish, but I am a beginner in Linux, Ubuntu, GitHub, coding and etc., so it is a little bit complicated for me. When I try to run the SIFTWorkstation by commands such as "sansforensics", "siftworkstation" - the message from the terminal is "command not found". When I try to run "sift" or "sift version", the terminal response is "Command 'sift' not found, but can be installed with: sudo apt install python3-guiqwt", and when I install this kind of "apt install" - it installs another SIFT ("Sift v0.2.8: Signal and Image Filtering Tool"), not SIFTWorkstation from SANS.
P.S. Also for me it is strange that the cast version appears to be v.0.14.0, but before running "sudo cast install --mode=server teamdfir/sift-saltstack" I have downloaded all the files from v.0.14.10 via this link https://github.com/ekristen/cast/releases/tag/v0.14.10 and cosigned them by this command "cosign verify-blob --key https://github.com/ekristen/cast/releases/download/v0.14.10/cosign.pub --signature https://github.com/ekristen/cast/releases/download/v0.14.10/cast_v0.14.10_linux_amd64.tar.gz.sig
https://github.com/ekristen/cast/releases/download/v0.14.10/cast_v0.14.10_linux_amd64.tar.gz --insecure-ignore-tlog".

I would be very happy to hear from anyone who can help me with this issue. Thank you a lot!

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• fix(deps): update module github.com/rancher/wrangler to v0.8.11
• fix(deps): update module github.com/google/go-github/v59 to v61
• fix(deps): update module github.com/google/go-github/v60 to v61
• fix(deps): update module github.com/rancher/wrangler to v2
• Click on this checkbox to rebase all open PRs at once

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

sudo sift install

[email protected]+0-g0582d2b
sift-version: notinstalled

mode: desktop
downloading v2023.02.06

    downloading sift-saltstack-v2023.02.06.tar.gz.asc
    downloading sift-saltstack-v2023.02.06.tar.gz.sha256
    downloading sift-saltstack-v2023.02.06.tar.gz.sha256.asc
    /snapshot/sift-cli/sift-cli.js:357
    throw new Error(res.body)
    ^

Error
at Request. (/snapshot/sift-cli/sift-cli.js:357:17)
at Request.emit (events.js:400:28)
at Request.onRequestResponse (/snapshot/sift-cli/node_modules/request/request.js:1059:10)
at ClientRequest.emit (events.js:400:28)
at HTTPParser.parserOnIncomingClient [as onIncoming] (_http_client.js:647:27)
at HTTPParser.parserOnHeadersComplete (_http_common.js:127:17)
at TLSSocket.socketOnData (_http_client.js:515:22)
at TLSSocket.emit (events.js:400:28)
at addChunk (internal/streams/readable.js:293:12)
at readableAddChunk (internal/streams/readable.js:267:9)
at TLSSocket.Readable.push (internal/streams/readable.js:206:10)
at TLSWrap.onStreamRead (internal/stream_base_commons.js:188:23)

Thank you in advance for your help

• All the HTTP requests should work through a proxy.
• Saltstack Run should be configured to work through a proxy.

I just installed Sift using Cast without first installing sift CLI. Im trying to install SIFT CLI after the fact and getting invalid OS on Ubuntu 22.04.1.

I guess my question is do I need to have SIFT CLI installed to update and upgrade SIFT moving forward if i have used cast to install?

If I dont need SIFT CLI to Upgrade how can I update and upgrade SIFT using Cast?

Hello,

While running the signature check documented on the release page with cosign 2.2.0:

cosign verify-blob \
  --key https://github.com/ekristen/cast/releases/download/v0.14.0/cosign.pub \
  --signature https://github.com/ekristen/cast/releases/download/v0.14.0/cast_v0.14.0_linux_amd64.tar.gz.sig \
  https://github.com/ekristen/cast/releases/download/v0.14.0/cast_v0.14.0_linux_amd64.tar.gz

The output is:

Error: signature not found in transparency log
main.go:74: error during command execution: signature not found in transparency log

Bypassing the transparency log confirms the signature is ok, though discouraged:

cosign verify-blob --insecure-ignore-tlog \
  --key https://github.com/ekristen/cast/releases/download/v0.14.0/cosign.pub \
  --signature https://github.com/ekristen/cast/releases/download/v0.14.0/cast_v0.14.0_linux_amd64.tar.gz.sig \
  https://github.com/ekristen/cast/releases/download/v0.14.0/cast_v0.14.0_linux_amd64.tar.gz

The output is:

WARNING: Skipping tlog verification is an insecure practice that lacks of transparency and auditability verification for the blob.
Verified OK

Is it expected?

Thanks

Ubuntu 22.04.2 LTS ARM64

WARN[0000] using unauthenticated github client, could result in API rate limiting 

INFO[0000] checking operating system support             component=distro owner=teamdfir repo=sift-saltstack

INFO[0000] operating system is supported                 component=distro owner=teamdfir repo=sift-saltstack

INFO[0000] rendering manifest                            component=distro owner=teamdfir repo=sift-saltstack

INFO[0000] distro validated successfully                 command=install

INFO[0000] downloading archive file                      component=distro owner=teamdfir repo=sift-saltstack 
version=v2023.02.06

INFO[0002] downloading release file                      component=distro filename=checksums.txt owner=teamdfir repo=sift-saltstack

INFO[0002] downloading release file                      component=distro filename=checksums.txt.sig owner=teamdfir repo=sift-saltstack

INFO[0002] downloading release file                      component=distro filename=cosign.pub owner=teamdfir repo=sift-saltstack

INFO[0003] downloading release file                      component=distro filename=manifest.yml owner=teamdfir repo=sift-saltstack

INFO[0003] downloading release file                      component=distro filename=pgp.pub owner=teamdfir repo=sift-saltstack

INFO[0003] downloading release file                      component=distro filename=sift-saltstack-2023.02.06.tar.gz.asc owner=teamdfir repo=sift-saltstack

INFO[0003] downloading release file                      component=distro filename=sift-saltstack-2023.02.06.tar.gz.sha256 owner=teamdfir repo=sift-saltstack

INFO[0003] downloading release file                      component=distro filename=sift-saltstack-2023.02.06.tar.gz.sha256.asc owner=teamdfir repo=sift-saltstack

INFO[0003] signatures verified                           component=cosign

INFO[0003] validating checksums                          component=distro handler=validateChecksums owner=teamdfir repo=sift-saltstack

INFO[0003] checksum validated                            component=distro filename=teamdfir-sift-saltstack-v2023.02.06-0-gfddbdc4.tar.gz owner=teamdfir repo=sift-saltstack

INFO[0003] checksum validated                            component=distro filename=manifest.yml owner=teamdfir repo=sift-saltstack

INFO[0003] extracting archive file                       component=distro owner=teamdfir repo=sift-saltstack version=v2023.02.06

INFO[0003] distro downloaded successfully                command=install

INFO[0003] installing using mode: default                command=install

INFO[0003] checking if install can progress              component=installer

INFO[0003] preparing pillar data                         component=installer

INFO[0003] running saltstack installer                   component=installer

INFO[0003] downloading tar.gz file                       component=saltstack-installer handler=install-binary

FATA[0004] received error code 404 attempting to download 

Hello,

I tried to get cast to work on wsl but hat no success on that. Is there a solution for that or a way to get it run on wsl?

Note: I used Ubuntu 22.04 LTS on WSL for that

I'm trying to follow this tutorial to create a malware analysis lab
Video Here

I've ran the following command to install remnu on an ubuntu 20.04:

 sudo cast install --mode=addon remnux/salt-states

Remnux was installed, but I'm getting completed but with failed states

INFO[0476] results file location                         component=installer file=/var/cache/cast/installer/logs/results.yaml
WARN[0476] first failed state                            comment="One or more requisite failed: remnux.python3-packages.thug.remnux-python3-packages-thug-packages" component=installer run_num=343 sls=remnux.python3-packages.thug
INFO[0476] statistics                                    component=installer failed=20 success=767 total=787
INFO[0476] salt-call completed but had failed states     component=installer
FATA[0476] salt-call completed but had failed states

I've run it multiple times and it's the exact same output.

Is there any way to fix this?

I'm running Ubuntu 22.04 and have run into this error:

I've tried disabling SSL warnings, but not quite sure that is the proper route to pursue. Please help if you can!