diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml
new file mode 100644
index 00000000000..6b992ecf9fb
--- /dev/null
+++ b/.github/workflows/gh-pages.yml
@@ -0,0 +1,32 @@
+name: github pages
+
+on:
+ push:
+ branches:
+ - main # Set a branch to deploy
+ pull_request:
+
+jobs:
+ deploy:
+ runs-on: ubuntu-20.04
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ submodules: true # Fetch Hugo themes (true OR recursive)
+ fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod
+
+ - name: Setup Hugo
+ uses: peaceiris/actions-hugo@v2
+ with:
+ hugo-version: 'latest'
+ # extended: true
+
+ - name: Build
+ run: hugo --minify
+
+ - name: Deploy
+ uses: peaceiris/actions-gh-pages@v3
+ if: github.ref == 'refs/heads/main'
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ publish_dir: ./public
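Review bot: the three `uses:` lines reference actions by mutable tag (`actions/checkout@v2`, `peaceiris/actions-hugo@v2`, `peaceiris/actions-gh-pages@v3`) and `hugo-version: 'latest'` floats, so the build that publishes the site can change without any commit in this repository. Pin each action to a full commit SHA and set an explicit Hugo version. The job also has no `permissions:` block and runs on `pull_request` as well as on pushes to main; only the Deploy step needs the token, so consider splitting build and deploy into separate jobs, with `contents: read` as the default and `contents: write` granted to the deploy job alone.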
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 00000000000..01a0b24ef74
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "themes/hugo-theme-learn"]
+ path = themes/hugo-theme-learn
+ url = https://github.com/matcornic/hugo-theme-learn.git
diff --git a/archetypes/default.md b/archetypes/default.md
new file mode 100644
index 00000000000..33624ec8b05
--- /dev/null
+++ b/archetypes/default.md
@@ -0,0 +1,6 @@
+---
+title: "{{ replace .Name "-" " " | title }}"
+date: {{ .Date }}
+draft: false
+weight: 20
+---
diff --git a/config.yaml b/config.yaml
new file mode 100644
index 00000000000..efbf67b3f94
--- /dev/null
+++ b/config.yaml
@@ -0,0 +1,12 @@
+baseURL: http://www.velocidex.com/
+languageCode: en-us
+title: "Velociraptor - Digging deeper!"
+
+theme: "hugo-theme-learn"
+
+menu:
+ shortcuts:
+ - name: " Github repo"
+ identifier: "ds"
+ url: "https://github.com/Velocidex/velociraptor"
+ weight: 10
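Review bot: `baseURL: http://www.velocidex.com/` uses plain HTTP, so every absolute link Hugo generates from it will be `http://`. If the site is served over HTTPS, use `https://` here. The leading space in `name: " Github repo"` also looks like something was dropped before the text; restore it or remove the space.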
diff --git a/content/overview/_index.md b/content/overview/_index.md
new file mode 100644
index 00000000000..554f69f9581
--- /dev/null
+++ b/content/overview/_index.md
@@ -0,0 +1,87 @@
++++
+title = "Overview"
+date = 2021-06-09T02:33:37Z
+weight = 5
+chapter = false
+pre = "1. "
++++
+
+# Velociraptor Installation and overview
+### Introducing the little green reptile!
+
+In this chapter we introduce the tool and explain the rationale behind its design.
+We will deploy Velociraptor in a cloud environment - We aim to be as close to how one would deploy it on a real deployment as possible.
+We will play with the GUI and introduce some of the main concepts
+
+
+## What is Velociraptor?
+
+Velociraptor is a unique DFIR tool, giving you power and flexibility through the Velociraptor Query Language (VQL)
+VQL is used for everything:
+
+* Collecting information from endpoints (also called clients)
+* Controlling monitoring and response on endpoints
+* Controlling and managing the Velociraptor server.
+
+
+95
+The VFS view is similar to many other forensic packages. This makes it easier to use but it is very much less effective than writing artifacts!
+
+129
+The Velociraptor Reverse Proxy
+Velociraptor has a built in reverse proxy
+
+This allows us to serve other web applications through the Velociraptor server. Velociraptor will take care of authentication and SSL for free.
+It is useful to export the filestore so users can just download the files they want.
+
+
+Export the file store over HTTPS
+GUI:
+ reverse_proxy:
+ - route: /files/
+ url: file:///var/tmp/velociraptor/clients/
+ require_auth: true
+
+
+130
+
+131
+Browse the internal file store and note the location of different files.
+
+132
+Double check your security
+It is really important that auth is required!
+Test this twice!
+Try to get one of the URLs with no authentication using curl - it should redirect to the auth screen.
+
+
+
+Conclusions
+In this module we introduced Velociraptor - a powerful endpoint visibility solution
+We mentioned that Velociraptor is based on VQL - a flexible query language
+We installed Velociraptor in a cloud deployment, prepared custom MSI packages and distributed them using group policy to our endpoints.
+133
+
+Conclusions
+We introduced the Velociraptor GUI
+The Virtual Filesystem abstraction (VFS) provides server side caching of the client’s filesystem
+We can navigate and refresh our view of the client’s filesystem in a familiar way.
+We learned about artifacts as a way of encapsulating VQL queries in a human readable, functionally focused YAML file.
+134
+
+Conclusions
+We learned how artifacts can be collected from one end point
+Exporting the collection into a zip file can archive the files collected and query results as CSV files.
+Leveling up, we can collect the same artifact from many systems. This is called a hunt.
+Exporting the hunt as a Zip file allows large collections to be archived as a snapshot from the entire deployment.
+135
+
+
+### Velociraptor Overview
+
+# Velociraptor Installation and Overview
+
+
+
+
+Lorem Ipsum.
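Review bot: the reverse proxy example under "Export the file store over HTTPS" is not in a code fence, so Markdown will run `GUI:`, `reverse_proxy:` and `require_auth: true` together as paragraph text and the YAML nesting is lost. Since the page itself stresses that auth must be required, fence the snippet with its indentation intact and show the curl check as an actual command. The page also still carries bare slide numbers (`95`, `129` to `135`), three "Conclusions" blocks, a second top-level title and `Lorem Ipsum.` at the end; these should be cleaned up before this is published.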
diff --git a/content/overview/deployment/_index.md b/content/overview/deployment/_index.md
new file mode 100644
index 00000000000..76cfa120a53
--- /dev/null
+++ b/content/overview/deployment/_index.md
@@ -0,0 +1,111 @@
+---
+title: "Deployment"
+date: 2021-06-09T03:52:24Z
+draft: false
+weight: 2
+---
+
+## Deployment overview
+
+Persistent communications C&C
+Velociraptor Server
+Web based admin console
+Assets
+Admin
+
+
+
+
+## Typical deployments
+
+Velociraptor is very efficient and scalable:
+Server simply collects the results of queries - clients do all the heavy lifting.
+Client memory and CPU usage is controlled via throttling and active cancellations.
+Server is optimized for speed and scalability
+Concurrency control ensures stability
+Bandwidth limits ensure network stability
+
+## Typical deployments
+
+Current recommendations
+10k-15k clients - single server with file based data store (usually cloud VM).
+SSL load is the biggest load - TLS offloading helps a lot!
+8 GB RAM/8 cores is generous towards the top of the range.
+We recommend Ubuntu/Debian server
+
+## Multi-Frontend configuration
+Available since 0.5.9 - suitable for > 10k endpoints
+Still considered experimental - help us test it!
+Master/Minion model
+Outside the scope of this course but you can find more information in our blog post
+
+
+### Deploying Velociraptor
+
+
+Run Velociraptor on your machine
+Download Velociraptor from GitHub (.msi or .exe)
+
+```sh
+"C:\program files\Velociraptor\Velociraptor.exe" gui
+```
+
+#### Self Signed SSL mode
+
+Frontend served using TLS on port 8000 (connected to clients)
+GUI uses basic authentication with usernames/passwords.
+GUI Served over loopback port 8889 (127.0.0.1)
+By default not exposed to the network
+You can use SSH tunneling to forward the GUI
+
+#### Installing a new server
+
+Use the password provided in the Workshop setup to log into the server.
+Fetch the latest Velociraptor Windows and Linux release binaries
+Create a new configuration
+
+```sh
+velociraptor config generate -i
+```
+
+Create a new server debian package
+
+```sh
+velociraptor.exe --config server.config.yaml debian server --binary velociraptor-v0.5.5-windows.exe
+```
+
+
+#### Installing a new server
+
+Push the debian package to the server using scp
+
+```sh
+scp velociraptor_server*.deb mike@123.45.67.89:/tmp/
+```
+
+Install package
+```sh
+sudo dpkg -i velociraptor_server*.deb
+```
+
+### Automating config generation
+
+Some people want to automate the config generation step.
+Velociraptor supports a JSON merge for non interactive configuration generation
+
+```sh
+velociraptor config generate --merge
+ '{"autocert_domain": "domain.com", "autocert_cert_cache": "/foo/bar"}'
+```
+
+The service adds a new velociraptor user to run under.
+You can now access the Velociraptor server using your browser.
+
+The first time you navigate to the SSL URL the server will obtain a
+certificate from Let's Encrypt. There will be a small pause as this
+happens.
+
+You will be redirected to Google for authentication - Velociraptor
+does not handle any credentials in this configuration. Google will
+determine if the user authenticated properly (2 FA etc) and convey
+simple info like the user’s email address and avatar.
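Review bot: in the `--merge` example the JSON argument sits on its own line with no trailing `\` after `--merge`, so pasted into a shell it runs as two separate commands; add the continuation or put it on one line. In the debian package step, `--binary velociraptor-v0.5.5-windows.exe` is passed to `debian server`; is a Windows binary intended, given the package is then installed with `dpkg`? The closing paragraphs about Let's Encrypt and Google authentication follow a page that has only described the self signed mode (basic auth, GUI on 127.0.0.1 port 8889), so state which deployment mode they apply to. `## Typical deployments` and `#### Installing a new server` each appear twice.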
diff --git a/content/overview/deployment/clients/_index.md b/content/overview/deployment/clients/_index.md
new file mode 100644
index 00000000000..5a963b6b54e
--- /dev/null
+++ b/content/overview/deployment/clients/_index.md
@@ -0,0 +1,120 @@
+---
+title: "Clients"
+date: 2021-06-09T03:53:38Z
+draft: false
+weight: 20
+---
+
+
+Now let’s configure some clients.
+
+45
+Deploying clients
+We typically distribute signed MSI packages which include the client’s config file inside them.
+This makes it easier to deploy as there is only one package to install.
+
+We also change name of service/binary etc to make the service a little bit harder to stop.
+
+46
+Deploying clients
+It is possible to embed the config in the clients using the velociraptor config repack command (more later)
+Pros
+Only a single binary no need for an additional config file
+
+Cons
+You have to sign the binary again since the config alters the binary.
+
+Resigning binaries
+After buying a code signing cert you can use a script to sign automatically.
+We recommend having a standalone isolated signing machine or VM with FDE
+47
+
+48
+On your windows machine, Download the latest binary and the source code.
+github.com/velocidex/velociraptor/releases
+
+49
+Velociraptor’s public directory
+It is handy to have somewhere to serve files from. Velociraptor has a public directory where files are served without any authentication requirements
+
+We can use this to distribute third party binaries
+We can serve velociraptor MSI files
+We can serve various support files (yara rules etc).
+
+Velociraptor’s public directory
+Select the Admin.Client.Upgrade artifact and upload the MSI to the tools setup page (We will learn about that in the next few sessions).
+
+This will now produce a random URL you can serve the MSI from.
+50
+
+Copy WIX source to desktop.
+51
+
+52
+Build an MSI using Wix Toolkit
+Extract the docs/wix directory from the Velociraptor source tree.
+These are the required files to construct a new MSI
+The main file we use is custom.xml . This file will embed the config file within the MSI and deploy it to the correct directory.
+
+53
+There are many knobs to tweak here
+The name of the binary
+The location of the files
+The name of the service
+The name of the config file.
+
+WIX will take the binary and config file from the Output directory, so create it and place the files there.
+
+54
+
+55
+The custom msi contains the client config embedded in it.
+
+This is the recommended way to deploy clients.
+
+56
+After installing the MSI you should be able to see it immediately in the server’s search screen.
+
+57
+Domain deployment
+We can deploy the MSI to the entire domain using group policy.
+
+2 Methods
+Via scheduled tasks.
+Via assigned software.
+
+58
+Create a share to serve the MSI from.
+
+
+59
+Ensure everyone has read access from this share - and only administrators have write access!
+
+60
+Use the group policy management tool create a new Group Policy Object in the domain (or OU)
+
+61
+Edit the new GPO
+
+62
+
+63
+Ensure the new scheduled task is run as system
+
+
+64
+Using scheduled tasks you can run any binary - use this method to run interactive collection if you do not have a dedicated Velociraptor server
+
+65
+Ensure the new scheduled task is run only once
+
+
+66
+Method 2 - install via assigned software packages in GPO
+
+The main advantage here is that it is possible to upgrade or uninstall Velociraptor easily
+
+67
+
+68
+You will need to wait until group policy is updated on the endpoint or until the next reboot. The endpoint must be on the AD LAN
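Review bot: the "Velociraptor's public directory" section says files there are served without any authentication requirements and proposes serving the Velociraptor MSI from it, while further down the page states that the custom MSI has the client config embedded. Add a sentence on what the client config contains so readers can decide whether unauthenticated distribution is acceptable for their deployment. The line "only administrators have write access" on the GPO share is the key control for that step and would read better as a notice than as a slide caption. Bare slide numbers (`45` to `68`) remain throughout.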
diff --git a/content/overview/deployment/cloud/_index.md b/content/overview/deployment/cloud/_index.md
new file mode 100644
index 00000000000..dd3bc1d728a
--- /dev/null
+++ b/content/overview/deployment/cloud/_index.md
@@ -0,0 +1,32 @@
+---
+title: "Cloud"
+date: 2021-06-09T04:01:47Z
+draft: false
+weight: 10
+---
+
+Steps to deploy Velociraptor
+Provision a VM in the cloud
+Configure DNS (static or dynamic)
+Configure OAuth2 SSO
+Generate configuration files
+Build debian packages and install
+Build MSI packages for Windows
+Deploy via GPO/SCCM etc.
+
+#### Setting Dynamic DNS with Google Domains
+
+Configuring Google OAuth2 requires a new project and a consent screen
+Do not add an application logo or require more permissions - Google will require OAuth verification which can take weeks!
+
+Generate OAuth client credentials.
+Note you can have multiple credentials and multiple domains in the same GCP project.
+
+The redirect URL is the url which Google will use to call back to Velociraptor with the user’s successful login.
+
+It must be
+
+https:///auth/google/callback
+
+
+Note the client id and secret - we will need to provide it in the server config.
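Review bot: the redirect URL is written as `https:///auth/google/callback` with the host missing, most likely a placeholder in angle brackets that was swallowed as HTML. Put the placeholder in a code span so it survives rendering. The heading "Setting Dynamic DNS with Google Domains" is followed only by OAuth2 setup text, so either add the DNS steps or rename the heading. Where the page says to note the client id and secret for the server config, it is worth adding that the resulting config file then holds a secret and should be handled accordingly.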
diff --git a/content/overview/deployment/overview.png b/content/overview/deployment/overview.png
new file mode 100644
index 00000000000..0e7a3faf3b0
Binary files /dev/null and b/content/overview/deployment/overview.png differ
diff --git a/content/overview/deployment/rbac/_index.md b/content/overview/deployment/rbac/_index.md
new file mode 100644
index 00000000000..1f738b3d512
--- /dev/null
+++ b/content/overview/deployment/rbac/_index.md
@@ -0,0 +1,56 @@
+---
+title: "Users and Roles"
+date: 2021-06-09T03:11:23Z
+draft: false
+weight: 25
+---
+
+
+## User permissions
+
+When running the deb package Velociraptor is running as a non-root
+user with limited permissions. You must change to this user before
+manipulating any data, or the service may not be able to open the
+modified files. Velociraptor will refuse running as another user or
+as root to prevent permission problems sudo -u velociraptor ...
+
+## Role based Access Control
+
+Velociraptor uses a simple role based access control scheme for now
+
+Various Actions require specific permissions
+Users are granted roles which bestow them with a set of permissions.
+
+## Granting a user role
+
+Currently roles are hard coded
+
+* administrator: Can do anything without limits
+* reader: Can read collected data and notebooks
+* api: Can connect over the API (more later)
+* analyst: reader + create bulk downloads, edit notebooks
+* investigator: analyst + schedule new collections and hunts
+* artifact_writer: powerful role that allows the user to create and modify artifacts (more on this later)
+
+Just because a user is authenticated by Google does not mean they have
+access to the Velociraptor console!
+
+You must authorize each user to access the console by granting them at least the reader role.
+
+Manipulate acls using the "acl show" "acl grant" command
+
+Your Velociraptor server is ready.
+You should have a valid SSL Cert and Avatar provided by Google OAuth2
+
+
+{{% notice tip Velociraptor %}}
+
+Velociraptor internals, the file store: Velociraptor uses a filestore
+abstraction to store data. By default, we use a simple directory
+structure in the filesystem. Having simple files simplifies data
+retention, data migration, backups etc. Makes it easy to integrate
+with another system (use scp or rsync to just copy files around). If
+files are deleted, Velociraptor will just recreate them - it is safe
+to just remove everything!
+
+{{% /notice %}}
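Review bot: in "User permissions" the command `sudo -u velociraptor ...` is fused onto the end of the sentence ending "to prevent permission problems"; break it out as its own code line with a short lead-in. "acl show" and "acl grant" are named without a full invocation, so a reader cannot grant the reader role from this page alone; add one complete example. In the notice, "it is safe to just remove everything!" reads as if nothing is lost when files are deleted; does that include collected data? If not, qualify the sentence.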
diff --git a/content/overview/deployment/self-signed/_index.md b/content/overview/deployment/self-signed/_index.md
new file mode 100644
index 00000000000..96b75b01750
--- /dev/null
+++ b/content/overview/deployment/self-signed/_index.md
@@ -0,0 +1,8 @@
+---
+title: "Self Signed"
+date: 2021-06-09T04:00:52Z
+draft: false
+weight: 5
+---
+
+#### Self Signed SSL mode
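Review bot: this page is a heading only, while the body for the same heading (`#### Self Signed SSL mode`, ports 8000 and 8889, SSH tunneling) is added in content/overview/deployment/_index.md. Move that text here or drop this stub so the menu does not link to an empty page.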
diff --git a/content/overview/gui/_index.md b/content/overview/gui/_index.md
new file mode 100644
index 00000000000..4ed4b896332
--- /dev/null
+++ b/content/overview/gui/_index.md
@@ -0,0 +1,32 @@
+---
+title: "Gui"
+date: 2021-06-09T04:02:57Z
+draft: false
+weight: 4
+---
+
+
+69
+A Velociraptor GUI tour
+
+The Dashboard
+The Dashboard shows the current state of the installation:
+How many clients are connected
+Current CPU load and memory footprint on the server.
+When running hunts or intensive processing, memory and CPU requirements will increase but not too much.
+You can customize the dashboard - it’s also just an artifact.
+70
+
+71
+
+72
+
+Clients have a persistent connection to the server.
+
+They’re ready to receive your commands.
+73
+94
+
+
+117
+The template contains markdown composed from Golang Template Language. You can also run VQL in dashboards!
diff --git a/content/overview/gui/artifacts/_index.md b/content/overview/gui/artifacts/_index.md
new file mode 100644
index 00000000000..2e46f762edc
--- /dev/null
+++ b/content/overview/gui/artifacts/_index.md
@@ -0,0 +1,125 @@
+---
+title: "Artifacts"
+date: 2021-06-09T04:03:42Z
+draft: false
+weight: 15
+---
+
+
+96
+Velociraptor Artifacts
+Fast, Efficient, Surgical
+
+97
+Velociraptor artifacts
+Velociraptor is just a VQL engine!
+
+We package VQL queries in Artifacts:
+YAML files
+Include human description
+Package related VQL queries into “Sources”
+Take parameters for customization
+Can in turn be used in VQL as well...
+
+98
+Refreshing the VFS simply schedules new artifacts to be collected - it is just a GUI convenience.
+This also means we have a complete audit of users refreshing the VFS
+Previous collected artifacts overview
+Collected artifact details
+
+Velociraptor uses expert
+ knowledge to find the evidence
+A key objective of Velociraptor is encapsulating DFIR knowledge into the platform, so you don’t need to be a DFIR expert.
+We have high level questions to answer
+We know where to look for evidence of user / system activities
+
+We build artifacts to collect and analyze the evidencein order to answer our investigative questions.
+99
+
+Velociraptor's superpower:
+user specified artifacts
+An artifact is a YAML file …
+(therefore user-readable, shareable and editable)
+… that answers a question …
+… by collecting data from the endpoint …
+… and reporting on this data in a human readable way.
+Artifacts encode expert knowledge intohuman reusable components.
+
+
+
+100
+
+101
+Artifact Description
+Artifact Search area.
+Actual VQL source
+
+102
+To collect a new artifact, from the Collected Artifacts screen, click Collect new artifact and search for it. Select Add to add it to this collection. When finished simply click Next.
+
+103
+
+Velociraptor Artifacts
+Velociraptor comes with a large number of artifact types
+Client Artifacts run on the endpoint
+Client Event artifacts monitor the endpoint
+Server Artifacts run on the server
+Server Event artifacts monitor for events on the server.
+
+104
+Depending on context, the GUI artifact search screen will only show the relevant artifact types.
+
+The View Artifacts page shows all types as well as details about each one.
+
+105
+All artifacts produce rows since they are just queries.
+Some artifacts also upload files. You can create a download zip to export all the uploaded files.
+
+106
+The uploads tab shows the file's location on the server.
+
+You can download each one individually.
+
+107
+As the query is running on the endpoint any log messages are sent to the server.
+Click the log tab to see if there were any errors and how many rows are expected.
+
+108
+Source Selector
+Viewing the result tab shows the rows sent from every artifact and source.
+
+
+
+109
+
+110
+
+Searching, Viewing and Modifying artifacts
+111
+
+View artifacts
+Artifacts are just YAML files
+The “View Artifacts” screen allows users to explore the different available artifacts.
+
+While most users will just collect existing ones, we expect power users to customize and write their own artifacts from scratch.
+
+
+112
+
+113
+Search box
+Description and Info
+Available customization
+
+114
+User artifacts must have the prefix “Custom.”. You can collect the original or the customized version as you please.
+
+Customizing the dashboard
+The main server dashboard is just an artifact called Server.Monitor.Health !
+
+You can therefore modify it.
+
+I usually put the name of the deployment prominently and/or links to MSI or client config files - we have so many different deployments it is hard to keep track!
+115
+
+116
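Review bot: two words are fused where a line break was lost, "evidencein order" and "intohuman reusable components", and "Velociraptor uses expert / knowledge to find the evidence" is split mid-phrase across two lines. The rule that user artifacts must have the prefix "Custom." is something readers will need when they write their own artifacts, so give it a heading of its own rather than leaving it under slide number `114`. Bare slide numbers (`96` to `116`) remain throughout.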
diff --git a/content/overview/gui/clients/_index.md b/content/overview/gui/clients/_index.md
new file mode 100644
index 00000000000..5854f178a8f
--- /dev/null
+++ b/content/overview/gui/clients/_index.md
@@ -0,0 +1,58 @@
+---
+title: "Clients"
+date: 2021-06-09T04:12:07Z
+draft: false
+weight: 5
+---
+
+
+Interactively investigate
+individual clients
+74
+
+Searching for a client
+To work with a specific client we need to search for it.
+Press the Search or Show All icon to see some clients
+75
+
+76
+Search for clients
+hostname, label, or client ID.
+You can start typing the hostname to auto-complete
+
+Client overview
+The server collects some high level information about each endpoint.
+Click VQL Drilldown to see more detailed information:
+Client version
+Client footprint (memory and CPU)
+
+
+77
+You can customize the information collected and shown by editing the Generic.Client.Info artifact.
+
+78
+Clients have a unique ID starting with “C.”. Internally the client id is considered the most accurate source of endpoint identity
+
+Each client has arbitrary metadata so you can integrate it easily into your procedures
+
+79
+By default, VQL Drill Down shows the recent memory and CPU load of Velociraptor on the endpoint as well as the list of users.
+This screen simply shows the report of the Generic.Client.Info artifact - you can edit the artifact to collect more/different info.
+The GUI consists of familiar widgets: Here we can see the table widget which repeats often
+
+80
+You can show/hide columns as needed - this helps to see wider columns
+
+81
+You can see the raw data behind each table:
+A table is simply a list of rows
+Each row is a mapping
+
+82
+Velociraptor allows running shell commands on the endpoint using Powershell/Cmd/Bash
+
+Only Velociraptor users with the administrator role are allowed to do this!
+
+Actions are logged and audited
+You can disable client shell ability by configuration policy - but this limits your DFIR efficacy.
+Get-LocalGroupMember -Group "Administrators"
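Review bot: the last line, `Get-LocalGroupMember -Group "Administrators"`, is a bare command with no fence or introduction; presumably it is the example for the shell feature described just above it. Fence it and say so. The text states that the client shell can be disabled "by configuration policy" but does not name the setting; add it, since an operator deciding on that restriction will look for it here.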
diff --git a/content/overview/gui/hunting/_index.md b/content/overview/gui/hunting/_index.md
new file mode 100644
index 00000000000..8cc9392bb10
--- /dev/null
+++ b/content/overview/gui/hunting/_index.md
@@ -0,0 +1,49 @@
+---
+title: "Hunting"
+date: 2021-06-09T04:13:25Z
+draft: false
+weight: 20
+---
+
+
+118
+Hunting everywhere
+
+Hunting
+Collecting the same artifact from many endpoints is called “hunting”.
+A hunt is just a logical container for many individual collections
+You can download all collections at the same time
+You can see how many endpoints participated
+You can select which machines will participate based on labels, OS or other conditions.
+119
+
+Hunting
+Velociraptor hunts are always active until they expire
+Endpoints not currently online will receive the hunt when they check in next.
+Therefore the result set is always changing - you can prepare a new download to obtain the latest version of the hunt results.
+120
+
+Exercise - collect tasks everywhere
+Repeat the previous artifact collection as a hunt.
+
+This captures the state of the deployment at a point in time when the hunt was collected.
+121
+
+122
+
+123
+Velociraptor just collects artifacts - the artifact selection GUI is a repeating theme thats works the same way in different contexts!
+
+You can target hunts at specific label groups or OS.
+
+124
+
+125
+
+126
+
+127
+When hunting large numbers of endpoints data grows quickly!
+
+128
+You can post process the hunt results directly in the hunt notebook
diff --git a/content/overview/gui/vfs/_index.md b/content/overview/gui/vfs/_index.md
new file mode 100644
index 00000000000..c6f2eaa1500
--- /dev/null
+++ b/content/overview/gui/vfs/_index.md
@@ -0,0 +1,70 @@
+---
+title: "Vfs"
+date: 2021-06-09T04:12:50Z
+draft: false
+weight: 10
+---
+
+
+
+
+83
+Interactively fetching files from the endpoint
+
+The Virtual File System (VFS)
+The VFS visualizes some server-side information we collect about the clients.
+Top level corresponds to the type of information we collect:
+File - Access the file system using the filesystem API
+NTFS - Access the file system using raw NTFS parsing (Windows Only)
+Registry - Access the Windows Registry using the Registry API (Windows Only)
+Artifacts - A view of all artifacts collected from the client sorted by artifact type, and then times when they were collected.
+
+84
+
+File accessor
+85
+Uses the OS APIs to access files (unless locked then it fallback to NTFS)
+
+NTFS Accessor
+86
+Uses raw NTFS parsing providing access to special files and ADS
+
+Registry Accessor
+87
+Provides access to registry using the Windows API.
+Keys are like directories and Values are files.
+Since Values are typically small, they are also retrieved as a result of a directory listing - in most cases there is no need to download content explicitly.
+
+Note that registry mapping occurs so take care when accessing virtual keys like HKEY_CURRENT_USER or HKEY_USERS
+
+88
+
+89
+
+Artifacts accessor
+90
+This shows the artifacts collected from the endpoint grouped by artifact
+
+This is useful to see the timeline of the same artifact collected at different times.
+
+91
+
+Navigating the interface
+92
+Click the “Refresh this directory” will schedule a directory listing artifact and wait for the results (usually very quick if the endpoint is online).
+The “Recursively refresh this directory” will schedule a recursive refresh - this may take some time! After this operation a lot of the VFS will be pre-populated already.
+“Collect from client” will retrieve the file data to the server. After which, the floppy disk sign indicates that we have file data available and you can click the “Download” link to get a copy of the file.
+
+Refresh directory from endpoint (can be done recursively)
+Fetch file contents from endpoint
+Remember that the VFS view is simply a server side cache of information we know about the endpoint - it is usually out of date!
+
+Exercise: Determine user activity
+Task: We suspect a user account had been compromised.
+Did the user download malware?
+
+Freely explore the interface to answer this question
+Useful artifacts include
+Download directory content
+Internet browser history
+Temporary files
diff --git a/content/overview/history/_index.md b/content/overview/history/_index.md
new file mode 100644
index 00000000000..73cb8099680
--- /dev/null
+++ b/content/overview/history/_index.md
@@ -0,0 +1,48 @@
+---
+title: "History"
+date: 2021-06-09T03:51:18Z
+draft: false
+weight: 1
+---
+
+
+## History
+
+Velociraptor draws inspiration from two major projects:
+
+* GRR https://github.com/google/grr
+* OSQuery https://github.com/osquery/osquery
+
+
+
+### Velociraptor vs GRR
+
+In common
+
+Hunting across large number of endpoints
+Can collect file data
+Free Open source (FOSS)
+
+Different
+
+Much faster
+Lower footprint
+A flexible query language
+Very simple to deploy
+Event based queries
+Commercially supported FOSS
+
+### Velociraptor vs OSQuery
+
+In common
+
+Rely on a query language to access machine state
+Single binary with no dependencies
+Multi-platform
+Different
+
+VQL is much more powerful and intuitive than SQL
+Much faster than OSQuery
+Can transfer file data
+Can modify the system
+Remote client/server control and orchestration in the same tool.
diff --git a/content/overview/media/image4.png b/content/overview/media/image4.png
new file mode 100644
index 00000000000..e787d67ce6e
Binary files /dev/null and b/content/overview/media/image4.png differ
diff --git a/public/categories/index.xml b/public/categories/index.xml
new file mode 100644
index 00000000000..b92677a38ef
--- /dev/null
+++ b/public/categories/index.xml
@@ -0,0 +1,10 @@
+
+
+
+ Categories on My New Hugo Site
+ http://example.org/categories/
+ Recent content in Categories on My New Hugo Site
+ Hugo -- gohugo.io
+ en-us
+
+
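Review bot: the files under `public/` are Hugo build output, and the workflow in this same patch regenerates them with `hugo --minify` and publishes from `publish_dir: ./public`. The committed copies also carry the defaults "My New Hugo Site" and `http://example.org/` rather than the title and baseURL set in config.yaml, so they are stale from the start. Drop `public/` from the commit and add it to `.gitignore`; the same applies to public/index.xml, public/sitemap.xml and public/tags/index.xml below.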
diff --git a/public/index.xml b/public/index.xml
new file mode 100644
index 00000000000..da9048579b7
--- /dev/null
+++ b/public/index.xml
@@ -0,0 +1,10 @@
+
+
+
+ My New Hugo Site
+ http://example.org/
+ Recent content on My New Hugo Site
+ Hugo -- gohugo.io
+ en-us
+
+
diff --git a/public/sitemap.xml b/public/sitemap.xml
new file mode 100644
index 00000000000..6bf7bad8cbe
--- /dev/null
+++ b/public/sitemap.xml
@@ -0,0 +1,17 @@
+
+
+
+
+ http://example.org/categories/
+
+
+
+ http://example.org/
+
+
+
+ http://example.org/tags/
+
+
+
diff --git a/public/tags/index.xml b/public/tags/index.xml
new file mode 100644
index 00000000000..201eda6bf43
--- /dev/null
+++ b/public/tags/index.xml
@@ -0,0 +1,10 @@
+
+
+
+ Tags on My New Hugo Site
+ http://example.org/tags/
+ Recent content in Tags on My New Hugo Site
+ Hugo -- gohugo.io
+ en-us
+
+
diff --git a/themes/hugo-theme-learn b/themes/hugo-theme-learn
new file mode 160000
index 00000000000..d198cbe65f0
--- /dev/null
+++ b/themes/hugo-theme-learn
@@ -0,0 +1 @@
+Subproject commit d198cbe65f064575df1ab02415980d6e44363bf9