Splunk SOAR

I can not install phantom using ./soar-install

sidnakvee
Explorer

Hi!

I am stuck on my home lab trying to install phantom on a VM. All steps for soar-prep completed fine, but then I tried ./soar-install and am seeing errors like:

Error: Cannot run as the root user
Error: The install directory (/opt/phantom) is not owned by the installation owner (root)
Pre-deploy checks failed with errors

 

Directory has root access with all folders in it, image attached.

 {"component": "installation_log", "time": "2024-11-10T02:02:56.071875", "logger": "install.deployments.deployment", "pid": 2005, "level": "ERROR", "file": "/opt/phantom/splunk-soar/install/deployments/deployment.py", "line": 175, "message": "Error: The install directory (/opt/phantom) is not owned by the installation owner (root)", "install_run_uuid": "17e0674c-b035-4696-9f75-acf2297ab325", "start_time": "2024-11-10T02:02:54.547287", "install_mode": "install", "installed_version": null, "proposed_version": "6.3.0.719", "deployment_type": "unpriv", "continue_from": null, "phase": "pre-deploy", "operation_status": "failed", "time_elapsed_since_start": 1.524704}
{"component": "installation_log", "time": "2024-11-10T02:02:56.072144", "logger": "install", "pid": 2005, "level": "ERROR", "file": "/opt/phantom/splunk-soar/./soar-install", "line": 105, "message": "Pre-deploy checks failed with errors", "install_run_uuid": "17e0674c-b035-4696-9f75-acf2297ab325", "start_time": "2024-11-10T02:02:54.547287", "install_mode": "install", "installed_version": null, "proposed_version": "6.3.0.719", "deployment_type": "unpriv", "continue_from": null, "time_elapsed_since_start": 1.525168, "pretty_exc_info": ["Traceback (most recent call last):", " File \"/opt/phantom/splunk-soar/./soar-install\", line 82, in main", " deployment.run()", " File \"/opt/phantom/splunk-soar/install/deployments/deployment.py\", line 145, in run", " self.run_pre_deploy()", " File \"/opt/phantom/splunk-soar/usr/python39/lib/python3.9/contextlib.py\", line 79, in inner", " return func(*args, **kwds)", " File \"/opt/phantom/splunk-soar/install/deployments/deployment.py\", line 178, in run_pre_deploy", " raise DeploymentChecksFailed(", "install.install_common.DeploymentChecksFailed: Pre-deploy checks failed with errors"]}

 

0 Karma

SOARt_of_Lost
Path Finder

Just to clarify the discussion I see here, everything under /opt/phantom should be owned by the phantom user. If any of the folders are owned by the root user instead of the phantom, SOAR may not run (or install in this case) properly.

This is mentioned in the installation instructions but it's a single line toward the bottom and easy to miss. "Make sure you are logged in as the user meant to own the Splunk SOAR (On-premises) installation. Do not perform the installation command as the root user."

Given how early you are in the process, it might just be best to start fresh rather than changing permissions on every folder.

PickleRick
SplunkTrust

You are supposed to install SOAR using a nonprivileged user.

0 Karma

sidnakvee
Explorer

Hi!

Thanks for your reply. Yeah, I tried with the phantom account as well, still see error for folder permission ro soar-phantom. Not sure what mistake I am making.

Is there any detailed video link or documentation to follow? Thanks

 

0 Karma

PickleRick
SplunkTrust

Did you verify the permissions? If you created the directory with root ownership and 755 permissions, the non-root user won't be able to use it.

0 Karma
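The ownership check described in the replies above, as an added example that is not part of the thread or of Splunk's installer. It is read-only, the function names are hypothetical, and it assumes find supports -maxdepth and -uid; /opt/phantom is the install directory from the error message.

```shell
#!/bin/sh
# Added example: read-only ownership pre-check for a SOAR install directory.
# Function names are hypothetical; they are not part of soar-install.

# Print every path at or under DIR ($1) not owned by numeric UID ($2).
foreign_paths() {
    find "$1" ! -uid "$2" -print
}

# Count those paths; 0 means the whole tree belongs to UID.
count_foreign_paths() {
    foreign_paths "$1" "$2" | wc -l | tr -d ' '
}

# Return codes: 0 ok, 1 would run as root, 2 DIR has another owner,
# 3 something below DIR has another owner, 4 DIR does not exist.
preflight() {
    dir=$1
    uid=$2
    if [ "$uid" -eq 0 ]; then
        echo "FAIL: uid 0 is root; switch to the install owner first" >&2
        return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory" >&2
        return 4
    fi
    # -maxdepth 0 tests only DIR itself, which is what the installer reported.
    if [ -n "$(find "$dir" -maxdepth 0 ! -uid "$uid" -print)" ]; then
        echo "FAIL: $dir is not owned by uid $uid" >&2
        return 2
    fi
    n=$(count_foreign_paths "$dir" "$uid")
    if [ "$n" -ne 0 ]; then
        echo "FAIL: $n path(s) under $dir have another owner, e.g.:" >&2
        foreign_paths "$dir" "$uid" | head -n 10 >&2
        return 3
    fi
    echo "OK: $dir and everything below it belong to uid $uid"
    return 0
}

# Usage, as the account that will own the install:
#   preflight /opt/phantom "$(id -u)"
```

Directories the calling user cannot read are reported by find as permission errors rather than counted, which is itself a sign of the root-owned 755 situation described above.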

sidnakvee
Explorer

Sorry, forgot to mention it's version 6.3.0

0 Karma