From b1ef753f5861ebf918d3c830399ccc5d4b652ee9 Mon Sep 17 00:00:00 2001
From: Chris Long
Date: Sun, 26 Jul 2020 17:41:58 -0700
Subject: [PATCH 1/3] Fixing Velociraptor
---
 ESXi/ansible/roles/logger/tasks/main.yml | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/ESXi/ansible/roles/logger/tasks/main.yml b/ESXi/ansible/roles/logger/tasks/main.yml
index fce8b74..d03edf9 100644
--- a/ESXi/ansible/roles/logger/tasks/main.yml
+++ b/ESXi/ansible/roles/logger/tasks/main.yml
@@ -394,17 +394,28 @@
 become: yes
 shell: |
 echo "[$(date +%H:%M:%S)]: Installing Velociraptor..."
- mkdir /opt/install_velociraptor
+ mkdir /opt/velociraptor
 echo "[$(date +%H:%M:%S)]: Attempting to determine the URL for the latest release of Velociraptor"
 LATEST_VELOCIRAPTOR_LINUX_URL=$(curl -sL https://github.com/Velocidex/velociraptor/releases/latest | grep 'linux-amd64' | grep -Eo "/(?[^\"]+)" | grep amd | sed 's#^#https://github.com#g')
 echo "[$(date +%H:%M:%S)]: The URL for the latest release was extracted as $LATEST_VELOCIRAPTOR_LINUX_URL"
 echo "[$(date +%H:%M:%S)]: Attempting to download..."
- wget -P --progress=bar:force /opt/velociraptor "$LATEST_VELOCIRAPTOR_LINUX_URL"
+ wget -P /opt/velociraptor --progress=bar:force "$LATEST_VELOCIRAPTOR_LINUX_URL"
 if [ "$(file /opt/velociraptor/velociraptor*linux-amd64 | grep -c 'ELF 64-bit LSB executable')" -eq 1 ]; then
 echo "[$(date +%H:%M:%S)]: Velociraptor successfully downloaded!"
 else
 echo "[$(date +%H:%M:%S)]: Failed to download the latest version of Velociraptor. Please open a DetectionLab issue on Github."
- return
+ fi
+ cd /opt/velociraptor || exit 1
+ mv velociraptor-*-linux-amd64 velociraptor
+ chmod +x velociraptor
+ cp /vagrant/resources/velociraptor/server.config.yaml /opt/velociraptor
+ echo "[$(date +%H:%M:%S)]: Creating Velociraptor dpkg..."
+ ./velociraptor --config /opt/velociraptor/server.config.yaml debian server
+ echo "[$(date +%H:%M:%S)]: Installing the dpkg..."
+ if dpkg -i velociraptor_*_server.deb >/dev/null; then
+ echo "[$(date +%H:%M:%S)]: Installation complete!"
+ else
+ echo "[$(date +%H:%M:%S)]: Failed to install the dpkg"
 fi
 
 - name: Install Suricata
From f68a8a412092cb120ab379cd095936db61f3dfc0 Mon Sep 17 00:00:00 2001
From: Chris Long
Date: Sun, 26 Jul 2020 17:43:21 -0700
Subject: [PATCH 2/3] Fixing Velociraptor install
---
 Vagrant/bootstrap.sh | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
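Review bot: The `else` branch after the ELF check now only echoes and falls through, so a failed or partial download still reaches `mv`, `chmod`, `./velociraptor … debian server` and `dpkg -i`, and because the task's final command is the `echo` inside the last `fi`, Ansible sees rc 0 and reports the step as successful instead of failed; end both failure branches with a non-zero exit, e.g. `echo "[$(date +%H:%M:%S)]: Failed to download the latest version of Velociraptor. Please open a DetectionLab issue on Github."; exit 1` and likewise `exit 1` after `Failed to install the dpkg`. `mkdir /opt/velociraptor` without `-p` also makes the task fail or misbehave on a re-run; the `[ ! -d … ]` guard the second patch adds to bootstrap.sh is not mirrored here. Since the binary is chosen by scraping the releases page and validated only by `file` reporting an ELF before it is built into a package and installed under `become: yes`, pinning a release and verifying its published checksum before `dpkg -i` would be worth adding.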
diff --git a/Vagrant/bootstrap.sh b/Vagrant/bootstrap.sh
index a9ce3ec..09ffe27 100644
--- a/Vagrant/bootstrap.sh
+++ b/Vagrant/bootstrap.sh
@@ -391,12 +391,14 @@ install_zeek() {
 
 install_velociraptor() {
 echo "[$(date +%H:%M:%S)]: Installing Velociraptor..."
- mkdir /opt/install_velociraptor
+ if [ ! -d "/opt/velociraptor" ]; then
+ mkdir /opt/velociraptor
+ fi
 echo "[$(date +%H:%M:%S)]: Attempting to determine the URL for the latest release of Velociraptor"
 LATEST_VELOCIRAPTOR_LINUX_URL=$(curl -sL https://github.com/Velocidex/velociraptor/releases/latest | grep 'linux-amd64' | grep -Eo "/(?[^\"]+)" | grep amd | sed 's#^#https://github.com#g')
 echo "[$(date +%H:%M:%S)]: The URL for the latest release was extracted as $LATEST_VELOCIRAPTOR_LINUX_URL"
 echo "[$(date +%H:%M:%S)]: Attempting to download..."
- wget -P --progress=bar:force /opt/velociraptor "$LATEST_VELOCIRAPTOR_LINUX_URL"
+ wget -P /opt/velociraptor --progress=bar:force "$LATEST_VELOCIRAPTOR_LINUX_URL"
 if [ "$(file /opt/velociraptor/velociraptor*linux-amd64 | grep -c 'ELF 64-bit LSB executable')" -eq 1 ]; then
 echo "[$(date +%H:%M:%S)]: Velociraptor successfully downloaded!"
 else
From 6393da6c3a62aec63f6ef256c3dea5cc5bee9320 Mon Sep 17 00:00:00 2001
From: Chris Long
Date: Mon, 27 Jul 2020 21:54:54 -0700
Subject: [PATCH 3/3] Update bootstrap.sh
---
 Vagrant/bootstrap.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Vagrant/bootstrap.sh b/Vagrant/bootstrap.sh
index 09ffe27..96efbb9 100644
--- a/Vagrant/bootstrap.sh
+++ b/Vagrant/bootstrap.sh
@@ -266,7 +266,7 @@ install_fleet_import_osquery_config() {
 
 echo "[$(date +%H:%M:%S)]: Waiting for fleet service to start..."
 while true; do
- result=$(curl --silent -k https://192.168.38.105:8412)
+ result=$(curl --silent -k https://127.0.0.1:8412)
 if echo "$result" | grep -q setup; then break; fi
 sleep 1
 done
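Review bot: The three-line existence guard around `mkdir` is equivalent to `mkdir -p /opt/velociraptor`, and neither form checks for failure, so a missing directory is only noticed when the later `wget -P` and `file` check run; `mkdir -p /opt/velociraptor || return 1` keeps the function from continuing without it. With the directory now preserved across runs, a second `wget -P` of the same release into it would save a `.1`-suffixed copy next to the first rather than replacing it, and the `velociraptor*linux-amd64` glob below would still match the first copy — if re-runs are the intent, `wget -O` to a fixed path makes the downloaded name deterministic. The body of install_velociraptor continues past the end of the hunk.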
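Review bot: The rewritten `curl` line has no `--connect-timeout`/`--max-time`, and the enclosing `while true` loop has no iteration cap, so a fleet service that never comes up or a connection that hangs leaves the bootstrap waiting forever; `result=$(curl --silent -k --max-time 5 https://127.0.0.1:8412)` bounds each probe, and a retry counter on the loop (which starts and ends inside the hunk) would bound the wait. Moving the probe to loopback presumably relies on fleet also listening on 127.0.0.1 rather than only the old 192.168.38.105 address — worth confirming against the service configuration. `-k` is easier to justify for a loopback-only check than for the previous address, but a short comment stating that the certificate is expected to be self-signed would make the intent clear.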