Tuesday, January 21, 2025

Running Autopsy Auto Ingest in Headless Mode

In this post we are going to look at running auto ingest in a headless state. This will allow the auto ingest server to be rebooted without the need for human interaction to start the auto ingest node.

Auto Ingest

Auto Ingest is an experimental feature in Autopsy. It's best used in a multi-user cluster to help automate case workloads. One thing in the documentation that didn't make sense to me was the following: "Note that if the computer running Autopsy in auto ingest mode is restarted, someone must log into it to restart Autopsy. It does not start by itself." This is not entirely true, as we will see in a minute.

Turns out, there is an undocumented feature to run auto ingest as a service. I started my journey into headless mode by looking for any clues in the documentation. I was unsuccessful at this so I turned to GitHub to see if there was anything in the various commits over the years. I was able to find a commit that was briefly added and then [removed](https://github.com/sleuthkit/autopsy/commit/a02f02b700748c0dfd72cabdcdbedeaab43a6d78) from the documentation. It stated "Note that if the computer running Autopsy in auto ingest mode is restarted and the auto ingest node is not running as a service, someone must log into it to restart Autopsy." Interesting! It seems like, at some point, auto ingest was able to run as a service. The next step was to look at the source code.

Back to GitHub to look at the auto ingest code. After searching through various files, I came across the piece I was looking for in AutoIngestControlPanel.java. There is a definition called RUNNING_AS_SERVICE_PROPERTY that looks like the key to this mystery.

Putting it Together (Headless Mode)

Autopsy can be run as a service so a user does not need to log into the auto ingest node to start it.

  1. -J-Dautoingest.runningasservice=true needs to be added to the default_options in the autopsy.conf file.

    # options used by the launcher by default, can be overridden by explicit
    # command line switches
    default_options="--branding autopsy -J-Xms24m -J-Xmx4G -J-XX:MaxPermSize=128M -J-Xverify:none -J-XX:+UseG1GC -J-XX:+UseStringDeduplication -J-Dprism.order=sw -J-Dautoingest.runningasservice=true"

  2. Download NSSM. In the same folder as NSSM, create a batch file named auto_ingest_service.bat with the following content:

    @echo off
    nssm install Autopsy <PATH_TO_AUTOPSY>\Autopsy-4.20.0\bin\autopsy64.exe
    nssm set Autopsy DisplayName Autopsy Auto Ingest
    nssm set Autopsy Description Automated ingest service for Autopsy
    nssm set Autopsy Start SERVICE_AUTO_START
    nssm set Autopsy ObjectName LocalSystem
    nssm start Autopsy

  3. From a command prompt, run auto_ingest_service.bat. If everything was successful, you should see the following output:

    C:\nssm-2.24\nssm-2.24\win64>auto_ingest_service.bat
    Service "Autopsy" installed successfully!
    Set parameter "DisplayName" for service "Autopsy".
    Set parameter "Description" for service "Autopsy".
    Set parameter "Start" for service "Autopsy".
    Reset parameter "ObjectName" for service "Autopsy" to its default.
    Autopsy: START: The operation completed successfully.

With this setup, auto ingest is now running as a service and can survive reboots without anyone having to log into the server and start auto ingest.
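
A check that can be run after a reboot to confirm the three steps above took effect. This is an added example, not part of the original post or of Autopsy. It assumes autopsy.conf lives in the etc folder of the install and that NSSM keeps the wrapped executable under the service's Parameters registry key; the script parameters are names chosen here.

```powershell
# Added example: post-reboot check for the headless auto ingest setup.
# Assumptions (not from the post): autopsy.conf sits in <install>\etc, and
# NSSM stores the wrapped executable under the service's Parameters key.
param(
    [Parameter(Mandatory)] [string] $AutopsyHome,   # folder that contains bin\ and etc\
    [string] $ServiceName = 'Autopsy'               # name used in auto_ingest_service.bat
)

$problems = @()

# 1. The launcher option must be inside default_options, not just anywhere in the file.
$conf = Join-Path $AutopsyHome 'etc\autopsy.conf'
$optLine = Get-Content -LiteralPath $conf -ErrorAction Stop |
    Where-Object { $_ -match '^\s*default_options\s*=' } | Select-Object -First 1
if (-not $optLine) {
    $problems += "no default_options line in $conf"
} elseif ($optLine -notmatch '-J-Dautoingest\.runningasservice=true') {
    $problems += 'default_options lacks -J-Dautoingest.runningasservice=true'
}

# 2. The service must exist, start automatically, and be running.
$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) {
    $problems += "service '$ServiceName' is not installed"
} else {
    if ($svc.StartMode -ne 'Auto')  { $problems += "StartMode is $($svc.StartMode), expected Auto" }
    if ($svc.State -ne 'Running')   { $problems += "State is $($svc.State), expected Running" }

    # 3. NSSM wraps the real program; confirm it points at this install.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName\Parameters"
    $app = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).Application
    $expected = Join-Path $AutopsyHome 'bin\autopsy64.exe'
    if ($app -ne $expected) { $problems += "NSSM Application is '$app', expected '$expected'" }

    # Report the logon account (LocalSystem in the batch file) so it can be reviewed.
    "Service account: $($svc.StartName)"
}

if ($problems) { $problems | ForEach-Object { "FAIL: $_" }; exit 1 }
'OK: auto ingest service is configured to start without an interactive logon'
```

Save it under any name and pass the install folder as -AutopsyHome; a non-zero exit code means at least one of the checks failed.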
