{"id":9911,"date":"2021-07-30T14:06:07","date_gmt":"2021-07-30T11:06:07","guid":{"rendered":"https:\/\/kifarunix.com\/?p=9911"},"modified":"2024-03-18T19:29:53","modified_gmt":"2024-03-18T16:29:53","slug":"install-and-setup-velociraptor-on-debian-10","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-and-setup-velociraptor-on-debian-10\/","title":{"rendered":"Install and Setup Velociraptor on Debian 10"},"content":{"rendered":"\n<p>Welcome to our tutorial on how to install and setup Velociraptor on Debian 10.&nbsp;<a href=\"https:\/\/github.com\/Velocidex\/velociraptor\" target=\"_blank\" rel=\"noreferrer noopener\">Velociraptor<\/a>&nbsp;is an endpoint monitoring open source tool that allows collection of host based state information of various end points using Velocidex Query Language (VQL) queries for monitoring. It is based on GRR, OSQuery and Google\u2019s Rekall tool.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Installing Velociraptor on Debian 10<\/h2>\n\n\n\n<p>There are different methods of deploying Velociraptor as outlined on&nbsp;<a href=\"https:\/\/www.velocidex.com\/docs\/getting-started\/\" target=\"_blank\" rel=\"noreferrer noopener\">getting started page<\/a>.<\/p>\n\n\n\n<p>In this tutorial, we will deploy Velociraptor using the standalone deployment method. This method employs server-client deployment model. Agents are installed on clients systems to be monitored.<\/p>\n\n\n\n<p>Velociraptor has six main components:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Frontend<\/strong>&nbsp;\u2013 Frontend receives connections from clients.<\/li>\n\n\n\n<li><strong>Gui<\/strong>&nbsp;\u2013 Web UI for accessing velociraptor.<\/li>\n\n\n\n<li><strong>Client<\/strong>&nbsp;\u2013 Velociraptor endpoint agents<\/li>\n\n\n\n<li><strong>VQL Engine (VFilter)<\/strong>&nbsp;\u2013 Velociraptor Query Language used to query.<\/li>\n\n\n\n<li><strong>Data store<\/strong>&nbsp;\u2013 locations where Velociraptor is going to save its files.<\/li>\n\n\n\n<li><strong>File store<\/strong>&nbsp;\u2013 used by velociraptor for long term storage<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Download Linux binary Installer<\/strong><\/h3>\n\n\n\n<p>Get the latest Velociraptor Linux binary from the official&nbsp;<a href=\"https:\/\/github.com\/Velocidex\/velociraptor\/releases\" target=\"_blank\" rel=\"noreferrer noopener\">Velociraptor Github releases<\/a>&nbsp;page and save it to system binary directory.<\/p>\n\n\n\n<p>Download the current release version of Velociraptor from the Github repository page above.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>VER=0.6.0<\/code><\/pre>\n\n\n\n<p>Replace the value of the VER variable above with the current release version number.<\/p>\n\n\n\n<p>Then run the command below to download Velociraptor installer;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>wget https:\/\/github.com\/Velocidex\/velociraptor\/releases\/download\/v$VER\/velociraptor-v$VER-linux-amd64 -O \/usr\/local\/bin\/velociraptor<\/code><\/pre>\n\n\n\n<p>This downloads the binary and save it as&nbsp;<code><strong>\/usr\/local\/bin\/velociraptor<\/strong><\/code>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Make the Velociraptor Binary executable<\/strong><\/h3>\n\n\n\n<p>Once the download of the binary installer is complete, make it executable by running the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>chmod +x \/usr\/local\/bin\/velociraptor<\/code><\/pre>\n\n\n\n<p>The binary should now be available on the current PATH.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>which velociraptor<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>\/usr\/local\/bin\/velociraptor<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Generate Velociraptor Server Config File<\/strong><\/h3>\n\n\n\n<p><em>Velociraptor uses a pair of configuration files to control the server and endpoints<\/em>.&nbsp;To generate server configuration file, you can use the command&nbsp;<code><strong>velociraptor config generate<\/strong><\/code>.<\/p>\n\n\n\n<p>To obtain help about this command, run;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>velociraptor config generate --help<\/code><\/pre>\n\n\n\n<p>You can run the command interactively or you can run it non-interactively and later customize the auto-generated configuration file.<\/p>\n\n\n\n<p>Before we proceed, create a configuration directory for Velociraptor;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>mkdir \/etc\/velociraptor<\/code><\/pre>\n\n\n\n<p>To run the Velociraptor configuration generation command interactively;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code> velociraptor config generate -i<\/code><\/pre>\n\n\n\n<p>When run, you will be prompted to provides some required details.<\/p>\n\n\n\n<p>Choose the operating system, which in this setup is Linux, press ENTER to proceed<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>? \nWelcome to the Velociraptor configuration generator\n---------------------------------------------------\n\nI will be creating a new deployment configuration for you. I will\nbegin by identifying what type of deployment you need.\n\n\nWhat OS will the server be deployed on?\n  &#91;Use arrows to move, type to filter]\n<strong>&gt; linux\n<\/strong>  windows\n  darwin<\/code><\/pre>\n\n\n\n<p>Choose data store directory. <strong>press enter to choose default path otherwise, enter your path<\/strong>;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>? Path to the datastore directory. (\/opt\/velociraptor) <strong>\/var\/tmp\/velociraptor<\/strong><\/code><\/pre>\n\n\n\n<p>Choose the kind of SSL\/TLS certs to use, we use self signed in this setup.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><strong>&gt; Self Signed SSL\n<\/strong>  Automatically provision certificates with Lets Encrypt\n  Authenticate users with SSO<\/code><\/pre>\n\n\n\n<p>Set the frontend domain name that you can use to access Velociraptor;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>? What is the public DNS name of the Frontend (e.g. www.example.com): &#91;? for help] (localhost) <strong>vraptor.kifarunix-demo.com<\/strong><\/code><\/pre>\n\n\n\n<p><strong>Ensure the hostname is resolvable<\/strong>.<\/p>\n\n\n\n<p>Set the Frontend and GUI ports;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>? Enter the frontend port to listen on. 8000\n? Enter the port for the GUI to listen on. 8889\n? Are you using Google Domains DynDNS? No<\/code><\/pre>\n\n\n\n<p>Set the frontend login credentials. Press enter once you have set the users to end the user creation prompt;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>? GUI Username or email address to authorize (empty to end): <strong>kifarunix-demo-admin<\/strong>\n? Password <strong>******<\/strong><\/code><\/pre>\n\n\n\n<p>Sample output after user creation;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\n[INFO] 2021-04-26T18:16:59Z  _    __     __           _                  __ \n[INFO] 2021-04-26T18:16:59Z | |  \/ \/__  \/ \/___  _____(_)________ _____  \/ \/_____  _____ \n[INFO] 2021-04-26T18:16:59Z | | \/ \/ _ \\\/ \/ __ \\\/ ___\/ \/ ___\/ __ `\/ __ \\\/ __\/ __ \\\/ ___\/ \n[INFO] 2021-04-26T18:16:59Z | |\/ \/  __\/ \/ \/_\/ \/ \/__\/ \/ \/  \/ \/_\/ \/ \/_\/ \/ \/_\/ \/_\/ \/ \/ \n[INFO] 2021-04-26T18:16:59Z |___\/\\___\/_\/\\____\/\\___\/_\/_\/   \\__,_\/ .___\/\\__\/\\____\/_\/ \n[INFO] 2021-04-26T18:16:59Z                                   \/_\/ \n[INFO] 2021-04-26T18:16:59Z Digging deeper!                  https:\/\/www.velocidex.com \n[INFO] 2021-04-26T18:16:59Z This is Velociraptor 0.5.8 built on 2021-04-11T22:09:54Z (e468f54c) \n[INFO] 2021-04-26T18:16:59Z Generating keys please wait.... \n<\/code><\/pre>\n\n\n\n<p>Set the logging directory;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>? Path to the logs directory. (\/var\/tmp\/velociraptor\/logs) <strong>\/var\/log\/velociraptor<\/strong><\/code><\/pre>\n\n\n\n<p>Set the path to write the configuration files to;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>? Where should i write the server config file? (server.config.yaml) <strong>\/etc\/velociraptor\/server.config.yaml<\/strong><\/code><\/pre>\n\n\n\n<p>Client configuration file;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>? Where should i write the client config file? (client.config.yaml) <strong>\/etc\/velociraptor\/client.config.yaml<\/strong><\/code><\/pre>\n\n\n\n<p>And that is it.<\/p>\n\n\n\n<p>If you want to manually generate the configuration file for later customization, simply run<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>velociraptor config generate<\/code><\/pre>\n\n\n\n<p>This generates the config to the standard output.<\/p>\n\n\n\n<p>To save to a file;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code> velociraptor config generate &gt; \/etc\/velociraptor\/server.config.yaml<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Velociraptor API, GUI, Monitoring bind addresses<\/h3>\n\n\n\n<p>Update the Velociraptor API, GUI, Monitoring bind addresses which is set to loopback address by default. Replace the IP: 192.168.59.12 with your server&#8217;s IP address.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sed -e '\/bind_address:\/{s\/127.0.0.1\/192.168.59.12\/}' -i \/etc\/velociraptor\/server.config.yaml<\/code><\/pre>\n\n\n\n<p>Optionally you can change the&nbsp;<em>server url<\/em>, the Frontend bind address etc.<\/p>\n\n\n\n<p>Additionally, you can open the configuration file, <strong><code>\/etc\/velociraptor\/server.config.yaml<\/code><\/strong>, for editing to update the Datastore location, where Velociraptor is going to save its files.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Datastore:\n  implementation: FileBaseDataStore\n  location: <strong>\/var\/tmp\/velociraptor<\/strong>\n  filestore_directory: <strong>\/var\/tmp\/velociraptor<\/strong><\/code><\/pre>\n\n\n\n<p>Its important to note client \u2013 server communications are encrypted over HTTPS. The keys are embedded in the configuration file.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Create Additional GUI user<\/strong>s<\/h3>\n\n\n\n<p>You can create additional user to access the GUI by running the command below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>velociraptor --config  \/etc\/velociraptor\/server.config.yaml user add admin --role administrator<\/code><\/pre>\n\n\n\n<p>Enter a password for the user when prompted:<\/p>\n\n\n\n<p>The above command adds the user&nbsp;<strong><em><code>admin<\/code><\/em><\/strong>&nbsp;with the&nbsp;<em><code>administrator<\/code><\/em>&nbsp;role.<\/p>\n\n\n\n<p>Other available roles are:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>reader<\/li>\n\n\n\n<li>analyst<\/li>\n\n\n\n<li>investigator<\/li>\n\n\n\n<li>artifact_writer<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Start Velociraptor Frontend<\/strong><\/h3>\n\n\n\n<p>You can run Velociraptor in standalone mode or as a service.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Running Velociraptor in Standalone Mode<\/h4>\n\n\n\n<p>To run in standalone mode, use the&nbsp;<code><strong>frontend<\/strong><\/code>&nbsp;command as follows;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>velociraptor -c  \/etc\/velociraptor\/server.config.yaml frontend -v<\/code><\/pre>\n\n\n\n<p><code>-v<\/code>&nbsp;flag is used to show verbose output on the terminal.<\/p>\n\n\n\n<p>Sample output:<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\n[INFO] 2021-07-30T06:42:04-04:00  _    __     __           _                  __ \n[INFO] 2021-07-30T06:42:04-04:00 | |  \/ \/__  \/ \/___  _____(_)________ _____  \/ \/_____  _____ \n[INFO] 2021-07-30T06:42:04-04:00 | | \/ \/ _ \\\/ \/ __ \\\/ ___\/ \/ ___\/ __ `\/ __ \\\/ __\/ __ \\\/ ___\/ \n[INFO] 2021-07-30T06:42:04-04:00 | |\/ \/  __\/ \/ \/_\/ \/ \/__\/ \/ \/  \/ \/_\/ \/ \/_\/ \/ \/_\/ \/_\/ \/ \/ \n[INFO] 2021-07-30T06:42:04-04:00 |___\/\\___\/_\/\\____\/\\___\/_\/_\/   \\__,_\/ .___\/\\__\/\\____\/_\/ \n[INFO] 2021-07-30T06:42:04-04:00                                   \/_\/ \n[INFO] 2021-07-30T06:42:04-04:00 Digging deeper!                  https:\/\/www.velocidex.com \n[INFO] 2021-07-30T06:42:04-04:00 This is Velociraptor 0.6.0 built on 2021-06-25T02:05:13+10:00 (5957468b) \n[INFO] 2021-07-30T06:42:04-04:00 Loading config from file \/etc\/velociraptor\/server.config.yaml\n....\n....\n[INFO] 2021-07-30T06:42:05-04:00 Starting Hunt Dispatcher Service. \n[INFO] 2021-07-30T06:42:05-04:00 Compiled all artifacts. \n[INFO] 2021-07-30T06:42:05-04:00 Starting the hunt manager service with rate limit 30\/s. \n[INFO] 2021-07-30T06:42:05-04:00 Watching for events from Server.Internal.HuntModification \n[INFO] 2021-07-30T06:42:05-04:00 Watching for events from System.Hunt.Participation \n[INFO] 2021-07-30T06:42:05-04:00 Watching for events from Server.Internal.Label \n[INFO] 2021-07-30T06:42:05-04:00 Watching for events from System.Flow.Completion \n[INFO] 2021-07-30T06:42:05-04:00 Starting Enrollment service. \n[INFO] 2021-07-30T06:42:05-04:00 Watching for events from System.Flow.Completion \n[INFO] 2021-07-30T06:42:05-04:00 Watching for events from Server.Internal.Enrollment \n[INFO] 2021-07-30T06:42:05-04:00 server_monitoring: Starting Server Monitoring Service \n[INFO] 2021-07-30T06:42:05-04:00 Closing Server Monitoring Event table \n[INFO] 2021-07-30T06:42:05-04:00 server_monitoring: Updating monitoring table \n[INFO] 2021-07-30T06:42:05-04:00 Starting VFS writing service. \n[INFO] 2021-07-30T06:42:05-04:00 Watching for events from System.Flow.Completion \n[INFO] 2021-07-30T06:42:05-04:00 Watching for events from System.Flow.Completion \n[INFO] 2021-07-30T06:42:05-04:00 Starting Server Artifact Runner Service \n[INFO] 2021-07-30T06:42:05-04:00 Watching for events from Server.Internal.ClientDelete \n[INFO] 2021-07-30T06:42:05-04:00 Throttling connections to 100 QPS \n[INFO] 2021-07-30T06:42:05-04:00 Starting gRPC API server on 192.168.59.12:8001  \n[INFO] 2021-07-30T06:42:05-04:00 Launched Prometheus monitoring server on 192.168.59.12:8003  \n[INFO] 2021-07-30T06:42:05-04:00 GUI is ready to handle TLS requests on https:\/\/192.168.59.12:8889\/ \n[INFO] 2021-07-30T06:42:05-04:00 Frontend is ready to handle client TLS requests at https:\/\/vraptor.kifarunix-demo.com:8000\/ \n<\/code><\/pre>\n\n\n\n<p>The output indicates which port the GUI and Front-end are listening on.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Accessing Velociraptor Web Interface<\/h4>\n\n\n\n<p>Access the server on&nbsp;<strong>https:\/\/SERVER-IP:8889<\/strong>. Use the user and password created earlier.<\/p>\n\n\n\n<p>GUI communications are authenticated with basic Auth.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Running Velociraptor as a service<\/strong><\/h4>\n\n\n\n<p>You can create systemd service to run Velociraptor as a service.<\/p>\n\n\n\n<p>Create the systemd service file:<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat > \/etc\/systemd\/system\/velociraptor.service << EOL\n[Unit]\nDescription=Velociraptor linux amd64\nAfter=syslog.target network.target\n\n[Service]\nType=simple\nRestart=always\nRestartSec=120\nLimitNOFILE=20000\nEnvironment=LANG=en_US.UTF-8\nExecStart=\/usr\/local\/bin\/velociraptor -c \/etc\/velociraptor\/server.config.yaml frontend -v\n\n[Install]\nWantedBy=multi-user.target\nEOL\n<\/code><\/pre>\n\n\n\n<p>Reload systemd daemon:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl daemon-reload<\/code><\/pre>\n\n\n\n<p>Start and enable velociraptor to start at boot time:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl enable --now velociraptor <\/code><\/pre>\n\n\n\n<p>Check the status of velociraptor.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status velociraptor<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n\u25cf velociraptor.service - Velociraptor linux amd64\n   Loaded: loaded (\/etc\/systemd\/system\/velociraptor.service; enabled; vendor preset: enabled)\n   Active: active (running) since Fri 2021-07-30 06:46:01 EDT; 6s ago\n Main PID: 1157 (velociraptor)\n    Tasks: 8 (limit: 2359)\n   Memory: 45.2M\n   CGroup: \/system.slice\/velociraptor.service\n           \u2514\u25001157 \/usr\/local\/bin\/velociraptor -c \/etc\/velociraptor\/server.config.yaml frontend -v\n\nJul 30 06:46:01 debian velociraptor[1157]: [INFO] 2021-07-30T06:46:01-04:00 Watching for events from System.Flow.Completion\nJul 30 06:46:01 debian velociraptor[1157]: [INFO] 2021-07-30T06:46:01-04:00 Watching for events from System.Flow.Completion\nJul 30 06:46:01 debian velociraptor[1157]: [INFO] 2021-07-30T06:46:01-04:00 Starting Server Artifact Runner Service\nJul 30 06:46:01 debian velociraptor[1157]: [INFO] 2021-07-30T06:46:01-04:00 Watching for events from Server.Internal.ClientDelete\nJul 30 06:46:01 debian velociraptor[1157]: [INFO] 2021-07-30T06:46:01-04:00 Throttling connections to 100 QPS\nJul 30 06:46:01 debian velociraptor[1157]: [INFO] 2021-07-30T06:46:01-04:00 Starting gRPC API server on 192.168.59.12:8001\nJul 30 06:46:01 debian velociraptor[1157]: [INFO] 2021-07-30T06:46:01-04:00 Launched Prometheus monitoring server on 192.168.59.12:8003\nJul 30 06:46:01 debian velociraptor[1157]: [INFO] 2021-07-30T06:46:01-04:00 GUI is ready to handle TLS requests on https:\/\/192.168.59.12:8889\/\nJul 30 06:46:01 debian velociraptor[1157]: [INFO] 2021-07-30T06:46:01-04:00 Frontend is ready to handle client TLS requests at https:\/\/vraptor.kifarunix-demo.com:8000\/\nJul 30 06:46:01 debian velociraptor[1157]: [INFO] 2021-07-30T06:46:01-04:00 Compiled all artifacts.\n<\/code><\/pre>\n\n\n\n<p>Access the GUI and login into the interface, you\u2019ll see Velociraptor GUI dashboard.<\/p>\n\n\n\n<p>If UFW is running, open the port in firewall;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ufw allow 8889\/tcp<\/code><\/pre>\n\n\n\n<p>Accept the self signed SSL warning and proceed to login to Velociraptor GUI.<\/p>\n\n\n\n<p>Login with the user credentials created before.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1912\" height=\"794\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/05\/velociraptor-welcome-dashboard.png\" alt=\"\" class=\"wp-image-8754\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/05\/velociraptor-welcome-dashboard.png?v=1620161651 1912w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/05\/velociraptor-welcome-dashboard-768x319.png?v=1620161651 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/05\/velociraptor-welcome-dashboard-1536x638.png?v=1620161651 1536w\" sizes=\"(max-width: 1912px) 100vw, 1912px\" \/><\/figure>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/05\/velociraptor-welcome-dashboard.png\"><\/a><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1909\" height=\"936\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/05\/velociraptor-dashboard.png\" alt=\"\" class=\"wp-image-8755\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/05\/velociraptor-dashboard.png?v=1620161662 1909w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/05\/velociraptor-dashboard-768x377.png?v=1620161662 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/05\/velociraptor-dashboard-1536x753.png?v=1620161662 1536w\" sizes=\"(max-width: 1909px) 100vw, 1909px\" \/><\/figure>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/05\/velociraptor-dashboard.png\"><\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Install and Configure Velociraptor Client<\/h3>\n\n\n\n<p>As stated before, Velociraptor server-client communication happens over an encrypted HTTPS channel. You can use self signed SSL or commercially trusted SSL certs.<\/p>\n\n\n\n<p><strong>If you had generated the velociraptor config file manually&nbsp;<\/strong>and you are using the signed SSL certs, then edit the&nbsp;<strong><em>\/etc\/velociraptor\/server.config.yaml<\/em><\/strong>&nbsp;configuration file and append the directive&nbsp;<code><strong>use_self_signed_ssl: true<\/strong><\/code>&nbsp;in the block below the&nbsp;<em><strong>Frontentd<\/strong>&nbsp;<strong>URL CA certificate<\/strong><\/em>&nbsp;so as to use the self signed certificate.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>vim \/etc\/velociraptor\/server.config.yaml<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>...\n  nonce: ERlmU1Ivj5w=\n<strong>  use_self_signed_ssl: true\n<\/strong>  writeback_darwin: \/etc\/velociraptor.writeback.yaml\n  writeback_linux: \/etc\/velociraptor.writeback.yaml\n...<\/code><\/pre>\n\n\n\n<p>Save and exit the file.<\/p>\n\n\n\n<p>If you had generated the configuration file manually, then generate the client configuration file<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code> velociraptor -c \/etc\/velociraptor\/server.config.yaml config client &gt; \/etc\/velociraptor\/client.config.yaml<\/code><\/pre>\n\n\n\n<blockquote class=\"wp-block-quote td_pull_quote td_pull_center is-layout-flow wp-block-quote-is-layout-flow\">\n<p><strong><em>NOTE:<\/em><\/strong><br><em>Client configuration file contains CA certificate that is used for authentication between the client\u2019s machine and the Velociraptor Server.<\/em><\/p>\n<\/blockquote>\n\n\n\n<h4 class=\"wp-block-heading\">Install Velociraptor Clients on Linux and Windows Machines<\/h4>\n\n\n\n<p>Velociraptor clients can be configured in two ways;<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Using Velociraptor Binary<\/strong><\/h5>\n\n\n\n<p>This method involves using Velociraptor binary and client configuration file generated from the server. The client configuration file has to be copied to the client machine. This method is ideal for testing purposes, for large deployment the second method, below, is preferred.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Using Velociraptor client packages<\/strong><\/h5>\n\n\n\n<p>This method packages the client configuration file on a Linux package or Windows installer which are then distributed to the clients target machines.<\/p>\n\n\n\n<p>Follow the link below to learn how to install and configure Velociraptor clients on Linux and Windows machines.<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-velociraptor-client-on-linux-and-windows-systems\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install Velociraptor Client on Linux and Windows Systems<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Conclusion<\/h3>\n\n\n\n<p>That brings us to the end of our guide on how to install and setup Velociraptor. Velociraptor is powerful open source tool that can be used to query hosts thus providing endpoint monitoring, digital forensic investigations and Threat Hunting.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Further Reading<\/h3>\n\n\n\n<p><a href=\"https:\/\/www.velocidex.com\/docs\/\" target=\"_blank\" rel=\"noreferrer noopener\">Velociraptor Documentation<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Other Tutorials<\/h3>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-gvm-21-04-on-rocky-linux-8\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install GVM 21.04 on Rocky Linux 8<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-clamav-on-rocky-linux-8\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install ClamAV on Rocky Linux 8<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-nikto-web-scanner-on-rocky-linux-8\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install Nikto Web Scanner on Rocky Linux 8<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to our tutorial on how to install and setup Velociraptor on Debian 10.&nbsp;Velociraptor&nbsp;is an endpoint monitoring open source tool that allows collection of host<\/p>\n","protected":false},"author":3,"featured_media":9914,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[34,121],"tags":[997,3909,3908,2978,3910,2979],"class_list":["post-9911","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-howtos","tag-debian-10","tag-debian-10-velociraptor","tag-install-velciraptor-on-debian-10","tag-install-velociraptor","tag-linux-install-velociraptor","tag-velociraptor","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/9911"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=9911"}],"version-history":[{"count":4,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/9911\/revisions"}],"predecessor-version":[{"id":21710,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/9911\/revisions\/21710"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/9914"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=9911"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=9911"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=9911"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}