ekristen / cast Goto Github PK
View Code? Open in Web Editor NEWCast is an installer for any compatible Saltstack based distribution like SIFT or REMnux
Home Page: https://ekristen.github.io/cast/
License: MIT License
Cast is an installer for any compatible Saltstack based distribution like SIFT or REMnux
Home Page: https://ekristen.github.io/cast/
License: MIT License
Hello,
I tried to get cast to work on wsl but hat no success on that. Is there a solution for that or a way to get it run on wsl?
Note: I used Ubuntu 22.04 LTS on WSL for that
I am just trying to build my Windows Forensic Machine with WSL2 and try to install SIFT and REMnux on it. I need help about:
Thank in advanced 🙂
When using cast to generate a .cast.yml file, the file is generated with tabs on lines 3 and 5 (comment lines)
If an end user simply deletes only the visible text on these lines and not the tabs, then uses the release
option to generate a release, cast will fail with: FATA[0000] unable to load config: yaml: line 3: found character that cannot start any token
. Additionally, if the end user opts to leave the commented lines in, the same issue will arise.
While this is a very minor issue, it does induce a potential future error. Replacing the tab with spaces will ensure this doesn't occur in the future, whether the end user thinks to replace the entire line or not.
Ubuntu 22.04.2 LTS ARM64
WARN[0000] using unauthenticated github client, could result in API rate limiting
INFO[0000] checking operating system support component=distro owner=teamdfir repo=sift-saltstack
INFO[0000] operating system is supported component=distro owner=teamdfir repo=sift-saltstack
INFO[0000] rendering manifest component=distro owner=teamdfir repo=sift-saltstack
INFO[0000] distro validated successfully command=install
INFO[0000] downloading archive file component=distro owner=teamdfir repo=sift-saltstack
version=v2023.02.06
INFO[0002] downloading release file component=distro filename=checksums.txt owner=teamdfir repo=sift-saltstack
INFO[0002] downloading release file component=distro filename=checksums.txt.sig owner=teamdfir repo=sift-saltstack
INFO[0002] downloading release file component=distro filename=cosign.pub owner=teamdfir repo=sift-saltstack
INFO[0003] downloading release file component=distro filename=manifest.yml owner=teamdfir repo=sift-saltstack
INFO[0003] downloading release file component=distro filename=pgp.pub owner=teamdfir repo=sift-saltstack
INFO[0003] downloading release file component=distro filename=sift-saltstack-2023.02.06.tar.gz.asc owner=teamdfir repo=sift-saltstack
INFO[0003] downloading release file component=distro filename=sift-saltstack-2023.02.06.tar.gz.sha256 owner=teamdfir repo=sift-saltstack
INFO[0003] downloading release file component=distro filename=sift-saltstack-2023.02.06.tar.gz.sha256.asc owner=teamdfir repo=sift-saltstack
INFO[0003] signatures verified component=cosign
INFO[0003] validating checksums component=distro handler=validateChecksums owner=teamdfir repo=sift-saltstack
INFO[0003] checksum validated component=distro filename=teamdfir-sift-saltstack-v2023.02.06-0-gfddbdc4.tar.gz owner=teamdfir repo=sift-saltstack
INFO[0003] checksum validated component=distro filename=manifest.yml owner=teamdfir repo=sift-saltstack
INFO[0003] extracting archive file component=distro owner=teamdfir repo=sift-saltstack version=v2023.02.06
INFO[0003] distro downloaded successfully command=install
INFO[0003] installing using mode: default command=install
INFO[0003] checking if install can progress component=installer
INFO[0003] preparing pillar data component=installer
INFO[0003] running saltstack installer component=installer
INFO[0003] downloading tar.gz file component=saltstack-installer handler=install-binary
FATA[0004] received error code 404 attempting to download
Hello,
While running the signature check documented on the release page with cosign 2.2.0:
cosign verify-blob \
--key https://github.com/ekristen/cast/releases/download/v0.14.0/cosign.pub \
--signature https://github.com/ekristen/cast/releases/download/v0.14.0/cast_v0.14.0_linux_amd64.tar.gz.sig \
https://github.com/ekristen/cast/releases/download/v0.14.0/cast_v0.14.0_linux_amd64.tar.gz
The output is:
Error: signature not found in transparency log
main.go:74: error during command execution: signature not found in transparency log
Bypassing the transparency log confirms the signature is ok, though discouraged:
cosign verify-blob --insecure-ignore-tlog \
--key https://github.com/ekristen/cast/releases/download/v0.14.0/cosign.pub \
--signature https://github.com/ekristen/cast/releases/download/v0.14.0/cast_v0.14.0_linux_amd64.tar.gz.sig \
https://github.com/ekristen/cast/releases/download/v0.14.0/cast_v0.14.0_linux_amd64.tar.gz
The output is:
WARNING: Skipping tlog verification is an insecure practice that lacks of transparency and auditability verification for the blob.
Verified OK
Is it expected?
Thanks
Hi! I need your help, please. I am a student in the first module of DigitalForensicsInvestigation. I am trying to install the SIFT Workstation through WSL following the guide from the SANS website (https://www.sans.org/tools/sift-workstation/):
Install Windows Subsystem for Linux (WSL) according to Microsoft’s latest guidance, currently located at https://docs.microsoft.com/en-us/windows/wsl/install-win10. The SIFT distribution can be installed on either WSL version 1 or version2.
Choose Ubuntu 22.04 during the WSL installation process.
Launch the Ubuntu Bash Shell and elevate to root (sudo su) to avoid permissions issues during the installation process.
Install the Latest Cast Binary from its release page
Run 'sudo cast install --mode=server teamdfir/sift-saltstack' to install the latest version of SIFT in WSL
Congrats -- you now have a SIFT Workstation in Windows!
After I did all the steps and installed cast v.0.14.0, the terminal notification was:
...INFO[0777] statistics component=installer failed=0 success=571 total=571
INFO[0777] salt-call completed successfully component=installer
b32opgh@DESKTOP-2C242CJ: /mnt/c/Users/White/Desktop/CASTSIFT/cast-0.14.10
$ cast --version
cast version v0.14.0..."
So the installation is successful. I have a question: now how to run the SIFT Workstation after that? Maybe it sounds foolish, but I am a beginner in Linux, Ubuntu, GitHub, coding and etc., so it is a little bit complicated for me. When I try to run the SIFTWorkstation by commands such as "sansforensics", "siftworkstation" - the message from the terminal is "command not found". When I try to run "sift" or "sift version", the terminal response is "Command 'sift' not found, but can be installed with: sudo apt install python3-guiqwt", and when I install this kind of "apt install" - it installs another SIFT ("Sift v0.2.8: Signal and Image Filtering Tool"), not SIFTWorkstation from SANS.
P.S. Also for me it is strange that the cast version appears to be v.0.14.0, but before running "sudo cast install --mode=server teamdfir/sift-saltstack" I have downloaded all the files from v.0.14.10 via this link https://github.com/ekristen/cast/releases/tag/v0.14.10 and cosigned them by this command "cosign verify-blob --key https://github.com/ekristen/cast/releases/download/v0.14.10/cosign.pub --signature https://github.com/ekristen/cast/releases/download/v0.14.10/cast_v0.14.10_linux_amd64.tar.gz.sig
https://github.com/ekristen/cast/releases/download/v0.14.10/cast_v0.14.10_linux_amd64.tar.gz --insecure-ignore-tlog".
I would be very happy to hear from anyone who can help me with this issue. Thank you a lot!
Getting this:
INFO[0311] state completed component=installer duration=3.031 state=/usr/local/etc/foremost.conf time_begin="18:38:00.205811" time_end="18:38:00.208843"
INFO[0311] state completed component=installer duration=1.852 state=sift-config-tools time_begin="18:38:00.212314" time_end="18:38:00.214165"
INFO[0311] state completed component=installer duration=1.152 state=sift-desktop-include time_begin="18:38:00.222513" time_end="18:38:00.223666"
INFO[0311] state completed component=installer duration=0.846 state=install-complete time_begin="18:38:00.225199" time_end="18:38:00.226044"
INFO[0312] log file location component=installer file=/var/cache/cast/installer/logs/saltstack.log
INFO[0312] results file location component=installer file=/var/cache/cast/installer/logs/results.yaml
WARN[0312] first failed state comment="One or more requisite failed: sift.config.user.sift-config-user" component=installer run_num=680 sls=sift.config
INFO[0312] statistics component=installer failed=3 success=673 total=676
INFO[0312] salt-call completed but had failed states component=installer
FATA[0312] salt-call completed but had failed states
am I missing something? this is WSL V2 Ubuntu 20.04
INFO[2221] log file location component=installer file=/var/cache/cast/installer/logs/saltstack.log
INFO[2221] results file location component=installer file=/var/cache/cast/installer/logs/results.yaml
WARN[2221] first failed state comment="One or more requisite failed: sift.config.user.sift-config-user, sift.config.timezone.Etc/UTC" component=installer run_num=679 sls=sift.config
INFO[2221] statistics component=installer failed=5 success=670 total=675
INFO[2221] salt-call completed but had failed states component=installer
FATA[2221] salt-call completed but had failed states
sudo sift install
[email protected]+0-g0582d2b
sift-version: notinstalled
mode: desktop
downloading v2023.02.06
downloading sift-saltstack-v2023.02.06.tar.gz.asc
downloading sift-saltstack-v2023.02.06.tar.gz.sha256
downloading sift-saltstack-v2023.02.06.tar.gz.sha256.asc
/snapshot/sift-cli/sift-cli.js:357
throw new Error(res.body)
^
Error
at Request. (/snapshot/sift-cli/sift-cli.js:357:17)
at Request.emit (events.js:400:28)
at Request.onRequestResponse (/snapshot/sift-cli/node_modules/request/request.js:1059:10)
at ClientRequest.emit (events.js:400:28)
at HTTPParser.parserOnIncomingClient [as onIncoming] (_http_client.js:647:27)
at HTTPParser.parserOnHeadersComplete (_http_common.js:127:17)
at TLSSocket.socketOnData (_http_client.js:515:22)
at TLSSocket.emit (events.js:400:28)
at addChunk (internal/streams/readable.js:293:12)
at readableAddChunk (internal/streams/readable.js:267:9)
at TLSSocket.Readable.push (internal/streams/readable.js:206:10)
at TLSWrap.onStreamRead (internal/stream_base_commons.js:188:23)
Thank you in advance for your help
Hi,
Please see error after Saltsalt has been runnning for some time - I've been running in WSL Ubuntu 22.04. I was hoping install would work easily.:
INFO[1748] log file location component=installer file=/var/cache/cast/installer/logs/saltstack.log
INFO[1748] results file location component=installer file=/var/cache/cast/installer/logs/results.yaml
WARN[1748] first failed state comment="One or more requisite failed: sift.python3-packages.defang.sift-python3-packages-defang" component=installer run_num=299 sls=sift.python3-packages.machinae
INFO[1748] statistics component=installer failed=7 success=561 total=568
INFO[1748] salt-call completed but had failed states component=installer
Please can you assist?
Happy to provide any further info you may need, please let me know
sudo install sift produced the below lines / errors:
[email protected]+0-g0582d2b
sift-version: notinstalled
mode: desktop
downloading v2023.02.06downloading sift-saltstack-v2023.02.06.tar.gz.asc
downloading sift-saltstack-v2023.02.06.tar.gz.sha256
downloading sift-saltstack-v2023.02.06.tar.gz.sha256.asc
downloading sift-saltstack-v2023.02.06.tar.gz
validating file sift-saltstack-v2023.02.06.tar.gz
Hashes for sift-saltstack-v2023.02.06.tar.gz do not match. Expected: , Actual: 4076d01731899d27412d25ddeff3b21c4e66308cf802ff8f6e2f5f77414bbbeb /tmp/sift-saltstack-v2023.02.06.tar.gz
Error: Hashes for sift-saltstack-v2023.02.06.tar.gz do not match. Expected: , Actual: 4076d01731899d27412d25ddeff3b21c4e66308cf802ff8f6e2f5f77414bbbeb /tmp/sift-saltstack-v2023.02.06.tar.gz
at validateFile (/snapshot/sift-cli/sift-cli.js:411:11)
at runMicrotasks (<anonymous>)
at processTicksAndRejections (internal/process/task_queues.js:95:5)
at async downloadUpdate (/snapshot/sift-cli/sift-cli.js:478:3)
at async run (/snapshot/sift-cli/sift-cli.js:772:5)
at async main (/snapshot/sift-cli/sift-cli.js:795:5)
i am a newbie and learning. reading the comments, sift cli is deprecated or soon to be by Mar 2023. And I now am to use cast. I ran "sudo cast install --mode desktop teamdfir/sift-saltstack" Resulting to "cast command not found"
I downloaded cast-main.zip and unzipped it. what would be the next step(s) or command(s)? Any feedback is appreciated.
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
.github/workflows/docs.yml
actions/checkout v4
peaceiris/actions-gh-pages v4
.github/workflows/release.yml
actions/checkout v4
actions/checkout v4
actions/setup-go v5
docker/setup-qemu-action v3
docker/setup-buildx-action v3
docker/login-action v3
sigstore/cosign-installer v3
1password/load-secrets-action v2
goreleaser/goreleaser-action v6
actions/upload-artifact v4
.github/workflows/semantic-lint.yml
amannn/action-semantic-pull-request v5
.github/workflows/semantic.yml
actions/checkout v4
actions/setup-node v4
.github/workflows/tests.yml
actions/checkout v4
actions/setup-go v5
go.mod
go 1.22.5
github.com/Masterminds/semver v1.5.0
github.com/Masterminds/sprig/v3 v3.3.0
github.com/ProtonMail/gopenpgp/v2 v2.7.5
github.com/google/go-github/v63 v63.0.0
github.com/otiai10/copy v1.14.0
github.com/pkg/errors v0.9.1
github.com/rancher/wrangler v0.8.6
github.com/sigstore/cosign/v2 v2.4.0
github.com/sirupsen/logrus v1.9.3
github.com/stretchr/testify v1.9.0
github.com/urfave/cli/v2 v2.27.4
golang.org/x/crypto v0.27.0
golang.org/x/oauth2 v0.23.0
gopkg.in/yaml.v3 v3.0.1
pkg/saltstack/constants.go
.github/workflows/release.yml
golang 1.23
.github/workflows/tests.yml
golang 1.23
I'm trying to follow this tutorial to create a malware analysis lab
Video Here
I've ran the following command to install remnu on an ubuntu 20.04:
sudo cast install --mode=addon remnux/salt-states
Remnux was installed, but I'm getting completed but with failed states
INFO[0476] results file location component=installer file=/var/cache/cast/installer/logs/results.yaml
WARN[0476] first failed state comment="One or more requisite failed: remnux.python3-packages.thug.remnux-python3-packages-thug-packages" component=installer run_num=343 sls=remnux.python3-packages.thug
INFO[0476] statistics component=installer failed=20 success=767 total=787
INFO[0476] salt-call completed but had failed states component=installer
FATA[0476] salt-call completed but had failed states
I've run it multiple times and it's the exact same output.
Is there any way to fix this?
Hi,
I´ve just installed Sift using cast and it was successful. However when I try to install remnux using (sudo cast install --mode=addon remnux/salt-states) I get many errors
Attached I include the log file generated during the install
I'd appreciate your help.
thanks
I just installed Sift using Cast without first installing sift CLI. Im trying to install SIFT CLI after the fact and getting invalid OS on Ubuntu 22.04.1.
I guess my question is do I need to have SIFT CLI installed to update and upgrade SIFT moving forward if i have used cast to install?
If I dont need SIFT CLI to Upgrade how can I update and upgrade SIFT using Cast?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.