Added a windows service.

* Configuration can now be embedded in the binary again. This allows customizing of the binary for specific deployments. * Can install or upgrade the service with a simple command line.
beerandgin · Aug 28, 2018 · f5d0578 · f5d0578
1 parent 0c145ac
commit f5d0578
Show file tree

Hide file tree

Showing 39 changed files with 1,653 additions and 470 deletions.
diff --git a/.gitignore b/.gitignore
@@ -6,3 +6,4 @@ emacs.desktop
 /debian/files
 /debian/velociraptor.debhelper.log
 *.debhelper
+ab0x.go
diff --git a/Makefile b/Makefile
@@ -21,9 +21,12 @@ ifneq ("$(MINGW_EXISTS)", "")
 	CGO_ENABLED = 1
 endif
 
+ASSETS := artifacts/b0x.yaml config/b0x.yaml
+
 # Just regular binaries for local testing. The GUI will be serving
 # files from the filesystem.
 build:
+	fileb0x $(ASSETS)
 	GOOS=linux GOARCH=amd64 \
             go build \
             -tags devel \
@@ -34,15 +37,15 @@ windows:
 ifeq ("$(MINGW_EXISTS)", "")
 	@echo Disabling cgo modules. To enable install $(MINGW_CC)
 endif
-	fileb0x artifacts/b0x.yaml
+	fileb0x $(ASSETS)
 	GOOS=windows GOARCH=amd64 \
         CC=$(CC) CGO_ENABLED=$(CGO_ENABLED) \
             go build \
             -ldflags "$(LDFLAGS)" \
 	    -o output/velociraptor.exe ./bin/
 
 darwin:
-	fileb0x gui/b0x.yaml artifacts/b0x.yaml
+	fileb0x gui/b0x.yaml $(ASSETS)
 	GOOS=darwin GOARCH=amd64 \
             go build \
             -tags release \
@@ -52,7 +55,7 @@ darwin:
 # Build release binaries. The GUI will embed assets and ship with
 # everything in it.
 release:
-	fileb0x gui/b0x.yaml artifacts/b0x.yaml
+	fileb0x gui/b0x.yaml $(ASSETS)
 	GOOS=linux GOARCH=amd64 \
             go build \
             -ldflags "$(LDFLAGS)" \
@@ -66,7 +69,7 @@ install: release
 
 clean:
 	rm -f gui/assets/ab0x.go \
-              artifacts/assets/ab0x.go
+              $(ASSETS)
 
 
 generate:

diff --git a/README.md b/README.md
@@ -19,7 +19,15 @@ To learn more about Velociraptor, read about it on our blog:
     $ velociraptor config generate > /etc/velociraptor.config.yaml
     ```
 
-3. Edit the config file and update any settings.
+3. Edit the config file and update any settings. In particular you
+   would probably need to update the following:
+
+   - Client.server_urls - the public-facing URLs to connect to the
+     server.
+
+   - Datastore.location and Datastore.filestore_directory - where to
+     store files on the server.
+
 4. To be able to log into the GUI you will need to make a user account
    with password.
     ```bash
@@ -53,29 +61,54 @@ To learn more about Velociraptor, read about it on our blog:
 NOTE: You may omit the --config flag if you include the location to
 the config file in the VELOCIRAPTOR_CONFIG environment variable.
 
+To create a windows executable:
+
+1. Embed the client config in the binary. This makes the binary self
+   contained for your particular installation. It is therefore very
+   easy to install:
+   ```bash
+   $ velociraptor config repack --exe velociraptor_windows.exe \
+      client.config.yaml my_velociraptor.exe
+   ```
+
+   Where velociraptor_windows.exe is the Windows binary release for
+   Velociraptor.
+
+2. On a windows system you can now install the service:
+   ```bash
+   $ my_velociraptor.exe service install
+   INFO:2018/08/28 00:18:19 Stopped service Velociraptor
+   INFO:2018/08/28 00:18:20 Copied binary to C:\Program Files\Velociraptor\Velociraptor.exe
+   INFO:2018/08/28 00:18:20 Installed service Velociraptor
+   INFO:2018/08/28 00:18:21 Started service Velociraptor
+   ```
+
+This will copy the binary into the install_dir specified in the config
+file, create and start the service.
+
 ## Running Velociraptor locally.
 
 Velociraptor is also useful as a local triage tool. In particular you
 might find Velociraptor's artifacts especially useful for quickly
 capturing important information about a running system. You can
 collect artifacts by using the "artifacts collect" command:
 
-```bash
-$ velociraptor artifacts list
-INFO:2018/08/20 22:28:56 Loaded 18 built in artifacts
-INFO:2018/08/20 22:28:56 Loaded 18 artifacts from artifacts/definitions/
-Linux.Applications.Chrome.Extensions
-Linux.Applications.Chrome.Extensions.Upload
-Linux.Applications.Docker.Info
-Linux.Applications.Docker.Version
-Linux.Debian.AptSources
-
-$ velociraptor artifacts list -v Linux.Debian.AptSources
-.... displays the artifacts
-
-$ velociraptor artifacts collect Linux.Debian.AptSources
-... Collects all the named artifacts
-```
+   ```bash
+   $ velociraptor artifacts list
+   INFO:2018/08/20 22:28:56 Loaded 18 built in artifacts
+   INFO:2018/08/20 22:28:56 Loaded 18 artifacts from artifacts/definitions/
+   Linux.Applications.Chrome.Extensions
+   Linux.Applications.Chrome.Extensions.Upload
+   Linux.Applications.Docker.Info
+   Linux.Applications.Docker.Version
+   Linux.Debian.AptSources
+
+   $ velociraptor artifacts list -v Linux.Debian.AptSources
+   .... displays the artifacts
+
+   $ velociraptor artifacts collect Linux.Debian.AptSources
+   ... Collects all the named artifacts
+   ```
 
 Explore more of Velociraptor's options using the -h flag.
 

diff --git a/actions/proto/actions.pb.go b/actions/proto/actions.pb.go
diff --git a/actions/proto/fingerprint.pb.go b/actions/proto/fingerprint.pb.go