How To Install SIFT Workstation On Ubuntu 20.0.4 [Updated]
Yo Wuddup Everybody It’s Ya Boi James here coming at you with an update blog post!
Today I’m going to detail the process of installing the SIFT Workstation on Ubuntu 20.0.4.
Step 1: Let’s Download Our Prerequisite Files
Grab the SANS Files Here: https://github.com/teamdfir/sift-cli/releases/tag/v1.14.0-rc1
Make sure you grab the archive, as well as the “sift-cli-linux”, “sift-cli-linux.sig”, and “sift-cli.pub” files, which will allow us to verify the integrity of the files later on.
Grab a copy of GO so that we can compile and use Cosign, which is the program we’ll be using to test the integrity of the files as mentioned above.
Step 2: Time to Install/Configure Go
- Unarchive the GO file. You’ll notice we pulled a specific version of GO, 1.16.4. That’s because Cosign requires us to use that version specifically for the install at this current time.
sudo tar -xvf go1.16.4.linux-amd64.tar.gz
- Now we’ll be setting up the GO environment
sudo mv go /usr/local
- The next two lines entail variables for the environment
- GOROOT is for the compiler/tools that come from the GO installation.
- GOPATH is for your own GO projects / 3rd party libraries, in our case Cosign.
Now you should be able to run GO by simply typing “go” and specifying a command. In our case let’s simply check the version to make sure everything’s up and running.
- At this point we should have everything necessary to get moving on installing SIFT. Just one last thing.
Step 3: Installing Cosign
sudo mv cosign-linux-amd64 /usr/local/bin/cosign
chmod +x /usr/local/bin/cosign
- Test Cosign:
Once it’s complete, you should be able to run the next command to verify the SIFT signatures:
cosign verify-blob --key sift-cli.pub --signature sift-cli-linux.sig sift-cli-linux
Now let’s put the SIFT manager in place so we can install and then update/manage SIFT as needed:
sudo mv sift-cli-linux /usr/local/bin/sift
We’ll use chmod to make the file executable
chmod 755 /usr/local/bin/sift
755 means read and execute access for everyone, plus write access for the owner of the file.
sudo apt-get update
If all has gone well now, we should be able to run our long awaited command :)
sudo sift install
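The verify, move and chmod steps above can be tied together so the binary is only installed when cosign accepts the signature. This is an added example, not code from the original post or from the sift-cli project; the function name verify_and_install and the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: install sift-cli only when cosign accepts its signature.
# verify_and_install is a hypothetical helper name, not part of sift-cli.

# verify_and_install SRC_DIR DEST
#   SRC_DIR holds sift-cli-linux, sift-cli-linux.sig and sift-cli.pub
#   DEST    is the final path of the binary, e.g. /usr/local/bin/sift
# Returns 0 on success, 2 if cosign or one of the files is missing,
# 1 if the signature does not verify (nothing is installed in that case).
verify_and_install() {
    src_dir=$1
    dest=$2

    command -v cosign >/dev/null 2>&1 || {
        echo "cosign not found in PATH" >&2
        return 2
    }

    # All three downloads must be present and non-empty before verifying.
    for f in sift-cli-linux sift-cli-linux.sig sift-cli.pub; do
        [ -s "$src_dir/$f" ] || {
            echo "missing or empty: $src_dir/$f" >&2
            return 2
        }
    done

    # Same verify-blob invocation as in the post. A non-zero exit status
    # means the binary does not match the signature for this public key.
    if ! cosign verify-blob \
            --key "$src_dir/sift-cli.pub" \
            --signature "$src_dir/sift-cli-linux.sig" \
            "$src_dir/sift-cli-linux"; then
        echo "signature verification FAILED, not installing" >&2
        return 1
    fi

    # Copy and set mode 755 in one step, replacing the separate mv + chmod.
    install -m 755 "$src_dir/sift-cli-linux" "$dest"
}

# Usage (run as root when DEST is a system path):
#   verify_and_install "$HOME/Downloads" /usr/local/bin/sift
```

Unlike running the commands one by one, a failed verification here stops the install instead of relying on you to notice cosign's error message.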