Velocidex / velociraptor

Digging Deeper....
https://docs.velociraptor.app/

Deleted clients appear when frontend restarted #3684

Closed mehmetbarispolat closed 2 months ago

mehmetbarispolat commented 2 months ago

I built and installed a client package using velociraptor-v0.72.4-linux-arm64, following the guidelines provided in the Deploying Clients documentation during the installation. While working on the frontend, after removing the package from the client machine and executing the client_delete() plugin on the frontend, the deleted client's information still appears upon restarting the frontend. I believe this issue is caused by the snapshot.json file in client_info.

config.yaml

version:
  name: velociraptor
  version: 0.72.0
  commit: 7e4da7a
  build_time: "2024-04-25T16:09:17Z"
  install_time: 1723030630
  ci_build_url: https://github.com/Velocidex/velociraptor/actions/runs/8835780218
  compiler: go1.22.2
Client:
  server_urls:
  - https://localhost:9000/
  ca_certificate: |
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
  nonce: iitcm68PgjA=
  writeback_darwin: /tmp/velociraptor.writeback.yaml
  writeback_linux: /tmp/velociraptor.writeback.yaml
  writeback_windows: $ProgramFiles\Velociraptor\velociraptor.writeback.yaml
  level2_writeback_suffix: .bak
  tempdir_windows: $ProgramFiles\Velociraptor\Tools
  max_poll: 60
  nanny_max_connection_delay: 600
  windows_installer:
    service_name: Velociraptor
    install_path: $ProgramFiles\Velociraptor\Velociraptor.exe
    service_description: Velociraptor service
  darwin_installer:
    service_name: com.velocidex.velociraptor
    install_path: /usr/local/sbin/velociraptor
  version:
    name: velociraptor
    version: 0.72.0
    commit: 7e4da7a
    build_time: "2024-04-25T16:09:17Z"
    install_time: 1723030630
    ci_build_url: https://github.com/Velocidex/velociraptor/actions/runs/8835780218
    compiler: go1.22.2
  max_upload_size: 5242880
  local_buffer:
    memory_size: 52428800
    disk_size: 1073741824
    filename_linux: /var/tmp/Velociraptor_Buffer.bin
    filename_windows: $TEMP/Velociraptor_Buffer.bin
    filename_darwin: /var/tmp/Velociraptor_Buffer.bin
API:
  bind_address: 127.0.0.1
  bind_port: 9001
  bind_scheme: tcp
GUI:
  bind_address: 127.0.0.1
  bind_port: 9889
  gw_certificate: |
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
  gw_private_key: |
    -----BEGIN RSA PRIVATE KEY-----
    -----END RSA PRIVATE KEY-----
  links:
  - text: Documentation
    url: https://docs.velociraptor.app/
    icon_url: data:image/svg+xml;base64,<omitted>
    type: sidebar
    new_tab: true
  authenticator:
    type: Basic
CA:
  private_key: |
    -----BEGIN RSA PRIVATE KEY-----
    -----END RSA PRIVATE KEY-----
Frontend:
  hostname: localhost
  bind_address: 0.0.0.0
  bind_port: 9000
  certificate: |
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
  private_key: |
    -----BEGIN RSA PRIVATE KEY-----
    -----END RSA PRIVATE KEY-----
  dyn_dns: {}
  default_client_monitoring_artifacts:
  - Generic.Client.Stats
  GRPC_pool_max_size: 100
  GRPC_pool_max_wait: 60
  resources:
    connections_per_second: 100
    notifications_per_second: 30
    max_upload_size: 10485760
    expected_clients: 30000
Datastore:
  implementation: FileBaseDataStore
  location: /var/tmp/velociraptor/
  filestore_directory: /var/tmp/velociraptor/
Logging:
  separate_logs_per_component: true
  debug:
    disabled: true
  info:
    rotation_time: 604800
    max_age: 31536000
  error:
    rotation_time: 604800
    max_age: 31536000
Monitoring:
  bind_address: 127.0.0.1
  bind_port: 9003
api_config: {}
obfuscation_nonce: VmQxmPJcmUI=
defaults:
  hunt_expiry_hours: 168
  notebook_cell_timeout_min: 10

snapshot.json

{"client_id":"C.5d9c9905e4dcb73ee","info":"0a12432e35663673742737sc727347c74692310539c83478234"}

scudette commented 2 months ago

Fixed by #3717
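
To check whether a client removed with client_delete() still has a record in the client_info snapshot.json described in the report, the snapshot can be scanned for the deleted IDs. This is an added example, not code from the Velociraptor project or from the thread. It assumes the snapshot holds one JSON object per line with a client_id field, as in the sample line above. StaleClients and snapshotRecord are hypothetical names, and the second and third sample lines are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// snapshotRecord keeps only the client_id field seen in the report's sample line.
type snapshotRecord struct {
	ClientID string `json:"client_id"`
}

// StaleClients returns the deleted client IDs that still have a record in the
// snapshot text (assumed: one JSON object per line) and counts unparseable
// lines, so a damaged snapshot is not mistaken for a clean one.
func StaleClients(snapshot string, deleted []string) (stale []string, badLines int) {
	want := make(map[string]bool, len(deleted))
	for _, id := range deleted {
		want[id] = true
	}
	for _, line := range strings.Split(snapshot, "\n") {
		line = strings.TrimSpace(line)
		if line == "" {
			continue
		}
		var rec snapshotRecord
		if err := json.Unmarshal([]byte(line), &rec); err != nil || rec.ClientID == "" {
			badLines++
			continue
		}
		if want[rec.ClientID] {
			stale = append(stale, rec.ClientID)
			delete(want, rec.ClientID) // report each ID once
		}
	}
	sort.Strings(stale)
	return stale, badLines
}

func main() {
	// Constructed sample: the first line is the record quoted in the report.
	snapshot := `{"client_id":"C.5d9c9905e4dcb73ee","info":"0a12432e35663673742737sc727347c74692310539c83478234"}
{"client_id":"C.0000000000000001","info":"00"}
not-json`
	stale, bad := StaleClients(snapshot, []string{"C.5d9c9905e4dcb73ee", "C.ffffffffffffffff"})
	fmt.Printf("still in snapshot: %v (unparseable lines: %d)\n", stale, bad)
}
```

A non-empty result after a frontend restart means the deleted client's record was retained in the snapshot.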