How To Install SIFT Workstation On Ubuntu 20.0
Yo Wuddup Everybody It’s Ya Boi James here coming at you with a new blog post!
Today I’m going to detail the process of installing the SIFT Workstation on Ubuntu 20.04.3
Step 1: Let’s Download Our Prerequisite Files
-
Grab the SANS Files Here: https://github.com/teamdfir/sift-cli/releases/tag/v1.14.0-rc1 Make sure you grab the archive, as well as the “sift-cli-linux”, “sift-cli-linux.sig”, and “sift-cli.pub” files, which will allow us to verify the integrity of the files later on.
-
Grab a copy of GO that way we can compile and use Cosign which is the program we’ll be using to test the integrity of the files as mentioned above.
wget https://dl.google.com/go/go1.16.4.linux-amd64.tar.gz
Step 2: Time to Install/Configure Go
- Unarchive the GO file. You’ll notice we pulled a specific version of GO, 1.16.4. The reason for this is because Cosign requires us to use that version specifically for the install at this current time.
sudo tar -xvf go1.16.4.linux-amd64.tar.gz
- Now we’ll be setting up the GO environment
sudo mv go /usr/local
- The next two lines entail variables for the environment
- GOROOT is for compiler/tools that comes from go installation.
- GOPATH is for your own go projects / 3rd party libraries in our case Cosign
export GOROOT=/usr/local/go
export GOPATH=$HOME/Projects/Proj1
export PATH=$GOPATH/bin:$GOROOT/bin:$PATH
-
Now you should be able to run GO by simply typing “go” and specifying a command. In our case let’s simply check the version to make sure everything’s up and running.
go version
- At this point we should have everything necessary to get moving on installing SIFT. just one last thing.
Step 3: Installing Cosign
go install github.com/sigstore/cosign/cmd/cosign@latest
-
Once it’s complete you should be able to run the next command to verify the SIFT Signatures
cosign verify-blob --key sift-cli.pub --signature sift-cli-linux.sig sift-cli-linux
-
Now to make the SIFT manager so we can install then update/manage SIFT as needed
sudo mv sift-cli-linux /usr/local/bin/sift
-
We’ll use chmod to make the file executable
chmod 755 /usr/local/bin/sift
-
755 means read and execute access for everyone and also write access for the owner of the file
Sudo apt-get update
-
If all has gone well now, we should be able to run our long awaited command :)
sudo sift install
Thanks Y’all! Please Let Me Know If You Found This Valuable and If You Have Any Questions Or Need Some Help Feel Free To Reach Out To Me via Twitter @j3st3rjam3s or through the contact page