diff --git a/artifacts/definitions/Admin/Client/Upgrade/Debian.yaml b/artifacts/definitions/Admin/Client/Upgrade/Debian.yaml new file mode 100644 index 00000000000..64d75a95aa2 --- /dev/null +++ b/artifacts/definitions/Admin/Client/Upgrade/Debian.yaml @@ -0,0 +1,41 @@ +name: Admin.Client.Upgrade.Debian +description: | + Remotely push new client updates to Debian hosts. + + NOTE: This artifact requires that you supply a client Debian package using the + tools interface or using the "debian client" command. Simply click on the tool + in the GUI and upload a package. + +tools: + - name: VelociraptorDebian + +parameters: + - name: SleepDuration + default: "600" + type: int + description: | + The package is typically large and we do not want to + overwhelm the server so we stagger the download over this many + seconds. + +sources: + - precondition: + SELECT OS From info() where OS = 'Linux' + + query: | + // Force the file to be copied to the real temp directory since + // we are just about to remove the Tools directory. + LET bin <= SELECT copy(filename=OSPath, + dest=expand(path="/tmp/") + basename(path=OSPath)) AS Dest + FROM Artifact.Generic.Utils.FetchBinary( + ToolName="VelociraptorLinux", IsExecutable=FALSE, + SleepDuration=SleepDuration) + + // Call the binary and return all its output in a single row. + // If we fail to download the binary we do not run the command. + SELECT * FROM foreach(row=bin, + query={ + SELECT * FROM execve( + argv=["dpkg", "-i", Dest], + length=10000000) + }) diff --git a/artifacts/definitions/Admin/Client/Upgrade/RedHat.yaml b/artifacts/definitions/Admin/Client/Upgrade/RedHat.yaml new file mode 100644 index 00000000000..b3db0b6a061 --- /dev/null +++ b/artifacts/definitions/Admin/Client/Upgrade/RedHat.yaml @@ -0,0 +1,41 @@ +name: Admin.Client.Upgrade.RedHat +description: | + Remotely push new client updates to Red Hat hosts. + + NOTE: This artifact requires that you supply a client Red Hat package using the + tools interface or using the "rpm client" command. Simply click on the tool + in the GUI and upload a package. + +tools: + - name: VelociraptorRedHat + +parameters: + - name: SleepDuration + default: "600" + type: int + description: | + The package is typically large and we do not want to + overwhelm the server so we stagger the download over this many + seconds. + +sources: + - precondition: + SELECT OS From info() where OS = 'Linux' + + query: | + // Force the file to be copied to the real temp directory since + // we are just about to remove the Tools directory. + LET bin <= SELECT copy(filename=OSPath, + dest=expand(path="/tmp/") + basename(path=OSPath)) AS Dest + FROM Artifact.Generic.Utils.FetchBinary( + ToolName="VelociraptorRedHat", IsExecutable=FALSE, + SleepDuration=SleepDuration) + + // Call the binary and return all its output in a single row. + // If we fail to download the binary we do not run the command. + SELECT * FROM foreach(row=bin, + query={ + SELECT * FROM execve( + argv=["rpm", "-U", Dest], + length=10000000) + }) diff --git a/artifacts/definitions/Admin/Client/Upgrade.yaml b/artifacts/definitions/Admin/Client/Upgrade/Windows.yaml similarity index 97% rename from artifacts/definitions/Admin/Client/Upgrade.yaml rename to artifacts/definitions/Admin/Client/Upgrade/Windows.yaml index 890498800bb..119621075e8 100644 --- a/artifacts/definitions/Admin/Client/Upgrade.yaml +++ b/artifacts/definitions/Admin/Client/Upgrade/Windows.yaml @@ -1,4 +1,4 @@ -name: Admin.Client.Upgrade +name: Admin.Client.Upgrade.Windows description: | Remotely push new client updates.