[SALTSTACK] - Install Failure - Volatility causing crash #628

Open
chrish808 opened this issue May 31, 2024 · 4 comments
@chrish808

Installing SIFT on WSL - Ubuntu 22.04
Running as root (as per https://www.sans.org/tools/sift-workstation/)
Command used: sudo cast install --mode=server teamdfir/sift-saltstack
Using cast v0.14.30
cast working fine to install all packages and dependencies up until the following Volatility community plugins git request:
[image]

System freezes and crashes the server. Attempted install on multiple fresh installs and with earlier versions of cast (.29).

@ekristen
Contributor

Does the output just hang or does it legitimately crash or freeze the whole thing?

@chrish808
Author

Hangs for about 10 seconds, then freezes and crashes the underlying system.

@ekristen
Contributor

ekristen commented Nov 5, 2024

Does this problem still exist, @chrish808?

@ctxppc

ctxppc commented Nov 20, 2024

I have the same or similar issue (Cast 0.15.2 but same error in previous releases).

Output of sudo cast install teamdfir/sift-saltstack on a clean Ubuntu 20.04.6 system:

time="2024-11-20T16:03:41+01:00" level=info msg="state completed" component=installer duration=7.73 state=/etc/foremost.conf time_begin="16:03:41.279452" time_end="16:03:41.287182"
time="2024-11-20T16:03:41+01:00" level=info msg="state completed" component=installer duration=3.066 state=/usr/local/etc/foremost.conf time_begin="16:03:41.287338" time_end="16:03:41.290405"
time="2024-11-20T16:03:41+01:00" level=info msg="state completed" component=installer duration=1.033 state=sift-config-tools time_begin="16:03:41.292381" time_end="16:03:41.293415"
time="2024-11-20T16:03:41+01:00" level=info msg="state completed" component=installer duration=0.753 state=sift-config time_begin="16:03:41.301145" time_end="16:03:41.301898"
time="2024-11-20T16:03:41+01:00" level=info msg="state completed" component=installer duration=0.684 state=sift-desktop-include time_begin="16:03:41.302115" time_end="16:03:41.302799"
time="2024-11-20T16:03:42+01:00" level=info msg="log file location" component=installer file=/var/cache/cast/installer/logs/saltstack.log
time="2024-11-20T16:03:42+01:00" level=info msg="results file location" component=installer file=/var/cache/cast/installer/logs/results.yaml
time="2024-11-20T16:03:42+01:00" level=warning msg="first failed state" comment="One or more requisite failed: sift.python-packages.volatility.sift-python-volatility-community-plugins" component=installer run_num=104 sls=sift.python-packages.volatility
time="2024-11-20T16:03:42+01:00" level=info msg=statistics component=installer failed=50 success=623 total=673
time="2024-11-20T16:03:42+01:00" level=info msg="salt-call completed but had failed states" component=installer
time="2024-11-20T16:03:42+01:00" level=fatal msg="salt-call completed but had failed states"

saltstack.log doesn't immediately provide me with more info so that I can pinpoint it to a faulty Python package. It has lines such as:

  test_|-sift-server-version-file_|-install-complete_|-nop:
    __id__: sift-server-version-file
    __run_num__: 576
    __sls__: sift.server
    changes: {}
    comment: 'One or more requisite failed: sift.python-packages.volatility.sift-python-volatility-plugins-malprocfind.py-absent,
      sift.python-packages.volatility.sift-python-volatility-plugins-autoruns.py-absent,
      sift.scripts.pe-carver.sift-scripts-pecarve, sift.scripts.densityscout.sift-tool-densityscout-archive,
      sift.scripts.pe-carver.sift-scripts-pecarve-shebang, sift.python-packages.volatility.sift-python-volatility-plugins-editbox.py-absent,
      sift.python-packages.volatility.sift-python-volatility-plugins-ssdeepscan.py-absent,
      sift.python-packages.capstone.sift-python-packages-capstone, sift.python-packages.volatility.sift-python-volatility-plugins-openioc_scan.py-absent,
      sift.python-packages.windowsprefetch.sift-python-packages-windowsprefetch, sift.python-packages.volatility.sift-python-packages-volatility-malfind-yarascan-options2,
      sift.scripts.sift-scripts, sift.python-packages.volatility.sift-python-packages-volatility-malfind-yarascan-options1,
      sift.python-packages.volatility.sift-python-volatility-mimikatz-plugin-update,
      sift.scripts.packerid.sift-scripts-packerid, sift.python-packages.volatility.sift-python-volatility-community-plugins,
      sift.python-packages.s2sphere.sift-python-packages-s2sphere, sift.python-packages.geoip2.sift-python-packages-geoip2,
      sift.python-packages.volatility.sift-python-volatility-plugins-trustrecords.py-absent,
      sift.scripts.pescanner.sift-scripts-pescanner, sift.python-packages.volatility.sift-python-volatility-plugins-usnparser.py-absent,
      sift.scripts.vshot.sift-scripts-vshot, sift.scripts.vshot.sift-scripts-vshot-config-bulk-extractor,
      sift.python-packages.sift-python-packages, sift.python-packages.volatility.sift-python-volatility-plugins-malfinddeep.py-absent,
      sift.python-packages.volatility.sift-python-volatility-plugins-prefetch.py-absent,
      sift.scripts.densityscout.sift-tool-densityscout-binary, sift.python-packages.yara-python.sift-python-packages-yara-python,
      sift.python-packages.volatility.sift-python-volatility-plugins-uninstallinfo.py-absent,
      sift.python-packages.indxparse.sift-python-packages-indxparse, sift.python-packages.appcompatprocessor.appcompatprocessor,
      sift.python-packages.volatility.sift-python-volatility-plugins-firefoxhistory.py-absent,
      sift.python-packages.volatility.sift-python-volatility-plugins-javarat.py-absent,
      sift.python-packages.volatility.sift-python-volatility-plugins-idxparser.py-absent,
      sift.python-packages.volatility.sift-python-volatility-sift-plugins, sift.scripts.densityscout.sift-tool-densityscout-link,
      sift.python-packages.pefile.sift-python-packages-pefile, sift.python-packages.dpapick.dpapick,
      sift.include-server.sift-server-include, sift.python-packages.volatility.sift-python-volatility-plugins-apihooksdeep.py-absent,
      sift.python-packages.m2crypto.sift-python-packages-m2crypto, sift.scripts.vshot.sift-scripts-vshot-config-volatility,
      sift.python-packages.volatility.sift-python-volatility-plugins-pstotal.py-absent,
      sift.scripts.packerid.sift-scripts-packerid-shebang, sift.python-packages.indxparse.sift-python-packages-indxparse-shebang,
      sift.scripts.pescanner.sift-scripts-pescanner-shebang, sift.python-packages.volatility.sift-python-volatility-plugins-chromehistory.py-absent,
      sift.python-packages.volatility.sift-python-volatility-plugins-mimikatz.py-absent'
    duration: 0.004
    name: install-complete
    result: false
    start_time: '16:03:35.942176'
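
An added triage example (not part of the issue thread and not code from cast or sift-saltstack): it separates states that failed on their own from states that only report "One or more requisite failed", using the two-level layout of the saltstack.log excerpt above. The sample input is constructed; the git state's module, URL, run number and comment are placeholders, and the parser handles only this layout, not general YAML.

```python
PREFIX = "One or more requisite failed:"

# Constructed sample in the layout of the saltstack.log excerpt above. The git
# state's module, URL, run number and comment are placeholders, not real output.
SAMPLE = """\
  git_|-sift-python-volatility-community-plugins_|-PLACEHOLDER-URL_|-latest:
    __id__: sift-python-volatility-community-plugins
    __run_num__: 103
    __sls__: sift.python-packages.volatility
    comment: 'PLACEHOLDER for the real error text of the failing state'
    result: false
  test_|-sift-server-version-file_|-install-complete_|-nop:
    __id__: sift-server-version-file
    __run_num__: 576
    __sls__: sift.server
    comment: 'One or more requisite failed: sift.python-packages.volatility.sift-python-volatility-community-plugins,
      sift.scripts.sift-scripts'
    result: false
"""

def parse_states(text):
    """Parse the two-level 'state key -> fields' layout (not general YAML)."""
    states, field = [], None
    for line in text.splitlines():
        body, indent = line.strip(), len(line) - len(line.lstrip(" "))
        if indent == 2 and body.endswith(":"):
            states.append({"key": body[:-1]})
            field = None
        elif indent == 4 and states and ": " in body:
            field, value = body.split(": ", 1)
            states[-1][field] = value
        elif indent > 4 and states and field:
            states[-1][field] += " " + body  # wrapped continuation of a long value
    return [{k: v.strip("'") for k, v in s.items()} for s in states]

def triage(states):
    """Split failed states into root causes and requisite cascades, by run order."""
    failed = sorted((s for s in states if s.get("result") == "false"),
                    key=lambda s: int(s.get("__run_num__", 0)))
    roots = [s for s in failed if not s.get("comment", "").startswith(PREFIX)]
    cascades = [s for s in failed if s.get("comment", "").startswith(PREFIX)]
    blamed = {}  # requisite name -> number of cascaded states that list it
    for s in cascades:
        for req in s["comment"][len(PREFIX):].split(","):
            blamed[req.strip()] = blamed.get(req.strip(), 0) + 1
    return roots, cascades, blamed

if __name__ == "__main__":
    roots, cascades, blamed = triage(parse_states(SAMPLE))
    print([r["__sls__"] + "." + r["__id__"] for r in roots], len(cascades), blamed)
```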
