Splunk SOAR

I can not install phantom using ./soar-install

sidnakvee
Explorer

Hi!

I am stuck in my home lab trying to install Phantom on a VM. All steps for soar-prep completed fine, but then I tried ./soar-install and am seeing errors like:

Error: Cannot run as the root user
Error: The install directory (/opt/phantom) is not owned by the installation owner (root)
Pre-deploy checks failed with errors

 

The directory has root access with all folders in it; image attached.

 {"component": "installation_log", "time": "2024-11-10T02:02:56.071875", "logger": "install.deployments.deployment", "pid": 2005, "level": "ERROR", "file": "/opt/phantom/splunk-soar/install/deployments/deployment.py", "line": 175, "message": "Error: The install directory (/opt/phantom) is not owned by the installation owner (root)", "install_run_uuid": "17e0674c-b035-4696-9f75-acf2297ab325", "start_time": "2024-11-10T02:02:54.547287", "install_mode": "install", "installed_version": null, "proposed_version": "6.3.0.719", "deployment_type": "unpriv", "continue_from": null, "phase": "pre-deploy", "operation_status": "failed", "time_elapsed_since_start": 1.524704}
{"component": "installation_log", "time": "2024-11-10T02:02:56.072144", "logger": "install", "pid": 2005, "level": "ERROR", "file": "/opt/phantom/splunk-soar/./soar-install", "line": 105, "message": "Pre-deploy checks failed with errors", "install_run_uuid": "17e0674c-b035-4696-9f75-acf2297ab325", "start_time": "2024-11-10T02:02:54.547287", "install_mode": "install", "installed_version": null, "proposed_version": "6.3.0.719", "deployment_type": "unpriv", "continue_from": null, "time_elapsed_since_start": 1.525168, "pretty_exc_info": ["Traceback (most recent call last):", " File \"/opt/phantom/splunk-soar/./soar-install\", line 82, in main", " deployment.run()", " File \"/opt/phantom/splunk-soar/install/deployments/deployment.py\", line 145, in run", " self.run_pre_deploy()", " File \"/opt/phantom/splunk-soar/usr/python39/lib/python3.9/contextlib.py\", line 79, in inner", " return func(*args, **kwds)", " File \"/opt/phantom/splunk-soar/install/deployments/deployment.py\", line 178, in run_pre_deploy", " raise DeploymentChecksFailed(", "install.install_common.DeploymentChecksFailed: Pre-deploy checks failed with errors"]}

 

0 Karma

SOARt_of_Lost
Path Finder

Just to clarify the discussion I see here, everything under /opt/phantom should be owned by the phantom user. If any of the folders are owned by the root user instead of the phantom user, SOAR may not run (or install in this case) properly.

This is mentioned in the installation instructions but it's a single line toward the bottom and easy to miss. "Make sure you are logged in as the user meant to own the Splunk SOAR (On-premises) installation. Do not perform the installation command as the root user."

Given how early you are in the process, it might just be best to start fresh rather than changing permissions on every folder.

PickleRick
SplunkTrust

You are supposed to install SOAR using a nonprivileged user.

0 Karma

sidnakvee
Explorer

Hi!

Thanks for your reply. Yeah, I tried with the phantom account as well and still see an error for folder permission ro soar-phantom. Not sure what mistake I am making.

Is there any detailed video link or documentation to follow? Thanks.

0 Karma

PickleRick
SplunkTrust

Did you verify the permissions? If you created the directory with root ownership and 755 permissions, the non-root user won't be able to use it.

0 Karma

sidnakvee
Explorer

Sorry, forgot to mention it's version 6.3.0.

0 Karma
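
A pre-flight check for the two conditions the replies above point to (not running as root, and everything under the install directory owned by the installing user), as an added example that is not part of the thread or of Splunk's installer. The helper names `preflight` and `unowned_paths` and the optional uid argument are hypothetical; `/opt/phantom` and the `phantom` account are the ones named in the thread.

```shell
#!/bin/sh
# Added example: not from the thread and not Splunk's installer code.
# preflight and unowned_paths are hypothetical helper names.

# Print DIR and every path under it that is NOT owned by OWNER
# (OWNER may be a user name or a numeric uid).
unowned_paths() {
    find "$1" ! -user "$2" -print
}

# preflight DIR OWNER [UID]
# Returns 0 only if the caller is not root and DIR is fully owned by OWNER.
# UID defaults to the invoking user's uid; the override exists for testing.
preflight() {
    dir=$1; owner=$2; uid=${3:-$(id -u)}; rc=0

    if [ "$uid" -eq 0 ]; then
        echo "FAIL: running as root; log in as $owner and rerun" >&2
        rc=1
    fi
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory" >&2
        return 1
    fi
    # A non-zero find status means an unknown owner or an unreadable
    # subtree, so the scan cannot be trusted: treat it as a failure.
    bad=$(unowned_paths "$dir" "$owner") || {
        echo "FAIL: could not fully scan $dir" >&2
        rc=1
    }
    if [ -n "$bad" ]; then
        echo "FAIL: paths not owned by $owner:" >&2
        printf '%s\n' "$bad" | head -n 20 >&2
        rc=1
    fi
    return "$rc"
}

# Typical call, with the path and account named in the thread:
#   preflight /opt/phantom phantom && ./soar-install
```

Run as the account that will own the installation, the listing shows which paths were left behind with root ownership before the installer's own pre-deploy checks reject them.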