From 79319b614a43dd13100389ccce7be9d9dc1ab545 Mon Sep 17 00:00:00 2001
From: Garrett Beasley
Date: Wed, 24 Apr 2024 14:56:10 -0700
Subject: [PATCH 1/2] add: certificate renewal support

---
 entrypoint | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/entrypoint b/entrypoint
index 61c1312..521f5a1 100755
--- a/entrypoint
+++ b/entrypoint
@@ -21,6 +21,16 @@ if [ ! -f server.config.yaml ]; then
 ./velociraptor --config server.config.yaml user add $VELOX_USER $VELOX_PASSWORD --role $VELOX_ROLE
 fi
+# Check Server Certificate Status, Re-generate if it's expiring in 24-hours or less
+if true | ./velociraptor --config server.config.yaml config show --json | jq -r .Frontend.certificate | openssl x509 -text -enddate -noout -checkend 86400 >/dev/null; then
+ echo "Skipping renewal, certificate is not expired"
+else
+ echo "Certificate is expired, rotating certificate."
+ ./velociraptor --config ./server.config.yaml config rotate_key > /tmp/server.config.yaml
+ cp ./server.config.yaml ./server.config.yaml.bak
+ mv /tmp/server.config.yaml /velociraptor/.
+fi
+
 # Re-generate client config in case server config changed
 ./velociraptor --config server.config.yaml config client > client.config.yaml

From a1d60ecda35702780356afb532630a820c4e4285 Mon Sep 17 00:00:00 2001
From: Garrett Beasley
Date: Wed, 24 Apr 2024 14:57:27 -0700
Subject: [PATCH 2/2] add: jq/curl back for certificate renewal checks

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index d6761fc..5103ae1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -19,7 +19,7 @@ RUN chmod +x entrypoint && \
 wget -O /opt/velociraptor/windows/velociraptor_client.exe "$WINDOWS_EXE" && \
 wget -O /opt/velociraptor/windows/velociraptor_client.msi "$WINDOWS_MSI" && \
 # Clean up
- apt-get remove -y --purge curl wget jq && \
+ apt-get remove -y --purge wget && \
 apt-get clean
 WORKDIR /velociraptor
 CMD ["/entrypoint"]
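Review bot: Any failure in the added `if` pipeline — `config show` erroring, `jq` missing, an empty or `null` `.Frontend.certificate` — makes `openssl x509` exit non-zero exactly like a genuinely expiring certificate, so the `else` branch rotates the server key on an error path rather than only on imminent expiry. The rotation itself is unchecked: if `config rotate_key` fails, `/tmp/server.config.yaml` is left empty or partial and the following `mv` still replaces the live `server.config.yaml` with it, leaving the `.bak` copy as the only recovery. Writing the new config (which carries key material) through a redirect to a fixed path in `/tmp` also gives it default-umask permissions that `mv` preserves, whereas `mktemp` in the target directory yields a 0600 file and an atomic rename. The `echo` messages say "expired" while `-checkend 86400` tests "expires within 24 hours"; the sketch below reads the certificate first, refuses to rotate when it cannot be read, and checks each step. The enclosing script starts before this hunk, so whether `set -e` is in effect is not visible here.
```shell
# Check server certificate status; re-generate if it expires within 24 hours.
# Read the certificate first so a failed lookup is never mistaken for expiry.
cert=$(./velociraptor --config server.config.yaml config show --json | jq -r .Frontend.certificate)
if [ -z "$cert" ] || [ "$cert" = "null" ]; then
  echo "Could not read Frontend.certificate from server.config.yaml; not rotating." >&2
  exit 1
fi
if printf '%s\n' "$cert" | openssl x509 -noout -checkend 86400 >/dev/null; then
  echo "Skipping renewal, certificate is valid for more than 24 hours"
else
  echo "Certificate expires within 24 hours, rotating certificate."
  # mktemp in the target directory: 0600 permissions and an atomic rename.
  tmp=$(mktemp ./server.config.yaml.XXXXXX) || exit 1
  if ! ./velociraptor --config ./server.config.yaml config rotate_key > "$tmp"; then
    rm -f -- "$tmp"
    echo "rotate_key failed; keeping existing server.config.yaml" >&2
    exit 1
  fi
  cp -p ./server.config.yaml ./server.config.yaml.bak
  mv -- "$tmp" ./server.config.yaml
fi
# … unchanged: client config regeneration …
```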
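Review bot: The new `apt-get remove` line keeps `curl` as well as `jq`, but the only new consumers visible in this series are `jq` and `openssl` in the entrypoint's certificate check; unless curl is needed by something not shown here, `apt-get remove -y --purge curl wget && \` keeps the runtime image's tool surface as small as before. Nothing in either patch installs `openssl`; if it is not already present from an earlier layer outside this hunk, the entrypoint pipeline fails on every start and, as the entrypoint is currently written, that failure path triggers a key rotation. A build-time `RUN command -v openssl jq` after the cleanup, or adding `openssl` to the install list, would pin that assumption. The `RUN` instruction this line belongs to begins before the hunk.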