This is a Work In Progress. Organization and setup method might change.
- Ubuntu 16.04 (Xenial)
- create a fresh ubuntu 16.04, if using vmware, use easy install and create a user
sansforensics - install saltstack
- download the latest signed release from the github releases page (see below for instructions)
- Saltstack expects a certain folder structure, you'll need to have a root directory (eg- /tmp/salt)
- You'll need to clone or extract the tarball to /tmp/salt/sift (yes it must be named sift)
- Example:
git clone https://github.com/sans-dfir/sift-saltstack /tmp/salt
sudo salt-call --local --file-root=/tmp/salt state.sls sift
You have full control over what you want to install from the SIFT distro. To really get a good understanding of what you can and cannot do I would encourage you to learn more about Saltstack.
This is intended to replace Step 4 from above. This will install just the deb packages and python packages that makes up the SIFT distro, it will not create any users, change backgrounds, or any other customization of the linux install you are on.
sudo salt-call --local --file-root=/tmp/salt state.sls sift.packagesReference: http://repo.saltstack.com/#ubuntu
wget -O - https://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add -echo "deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest xenial main" | sudo tee /etc/apt/sources.list.d/saltstack.listsudo apt-get updatesudo apt-get install salt-minionsudo service salt-minion stop(Note: the SIFT install process will disable the minion altogether as we do not need it running as a service)