-
Notifications
You must be signed in to change notification settings - Fork 45
/
entrypoint
executable file
·46 lines (40 loc) · 2.96 KB
/
entrypoint
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
#!/bin/bash
set -e
BIND_ADDRESS="0.0.0.0"
PUBLIC_PATH="public"
LOG_DIR="."
DATASTORE_LOCATION="./"
FILESTORE_DIRECTORY="./"
CLIENT_DIR="/velociraptor/clients"
# Move binaries into place
cp /opt/velociraptor/linux/velociraptor . && chmod +x velociraptor
mkdir -p $CLIENT_DIR/linux && rsync -a /opt/velociraptor/linux/velociraptor /velociraptor/clients/linux/velociraptor_client
mkdir -p $CLIENT_DIR/mac && rsync -a /opt/velociraptor/mac/velociraptor_client /velociraptor/clients/mac/velociraptor_client
mkdir -p $CLIENT_DIR/windows && rsync -a /opt/velociraptor/windows/velociraptor_client* /velociraptor/clients/windows/
# If no existing server config, set it up
if [ ! -f server.config.yaml ]; then
./velociraptor config generate > server.config.yaml --merge '{"Frontend":{"public_path":"'$PUBLIC_PATH'", "hostname":"'$VELOX_FRONTEND_HOSTNAME'"},"API":{"bind_address":"'$BIND_ADDRESS'"},"GUI":{"bind_address":"'$BIND_ADDRESS'"},"Monitoring":{"bind_address":"'$BIND_ADDRESS'"},"Logging":{"output_directory":"'$LOG_DIR'","separate_logs_per_component":true},"Client":{"server_urls":["'$VELOX_SERVER_URL'"],"use_self_signed_ssl":true}, "Datastore":{"location":"'$DATASTORE_LOCATION'", "filestore_directory":"'$FILESTORE_DIRECTORY'"}}'
#sed -i "s#https://localhost:8000/#$VELOX_CLIENT_URL#" server.config.yaml
sed -i 's#/tmp/velociraptor#.#'g server.config.yaml
./velociraptor --config server.config.yaml user add $VELOX_USER $VELOX_PASSWORD --role $VELOX_ROLE
fi
# Check Server Certificate Status, Re-generate if it's expiring in 24-hours or less
if true | ./velociraptor --config server.config.yaml config show --json | jq -r .Frontend.certificate | openssl x509 -text -enddate -noout -checkend 86400 >/dev/null; then
echo "Skipping renewal, certificate is not expired"
else
echo "Certificate is expired, rotating certificate."
./velociraptor --config ./server.config.yaml config rotate_key > /tmp/server.config.yaml
cp ./server.config.yaml ./server.config.yaml.bak
mv /tmp/server.config.yaml /velociraptor/.
fi
# Re-generate client config in case server config changed
./velociraptor --config server.config.yaml config client > client.config.yaml
# Repack clients
./velociraptor config repack --exe clients/linux/velociraptor_client client.config.yaml clients/linux/velociraptor_client_repacked
./velociraptor --config client.config.yaml debian client --output clients/linux/velociraptor_client_repacked.deb
./velociraptor --config client.config.yaml rpm client --output clients/linux/velociraptor_client_repacked.rpm
./velociraptor config repack --exe clients/mac/velociraptor_client client.config.yaml clients/mac/velociraptor_client_repacked
./velociraptor config repack --exe clients/windows/velociraptor_client.exe client.config.yaml clients/windows/velociraptor_client_repacked.exe
./velociraptor config repack --msi clients/windows/velociraptor_client.msi client.config.yaml clients/windows/velociraptor_client_repacked.msi
# Start Velocoraptor
./velociraptor --config server.config.yaml frontend -v