NetBSD/global-netbsd.sh
majekla a91836cd6b Upload files to "/"
added rclone-browser build
2024-07-11 14:03:01 +00:00

5779 lines
178 KiB
Bash

#!/bin/sh
# Check if dialog is present on the system (for graphical display).
# If not, install it.
if [ ! -x "/usr/pkg/bin/dialog" ]; then
echo "The dialog program is not installed. Installation in progress..."
pkgin -y in dialog
pkgin -y in pico
pkgin -y in curl
fi
checkInternetConnection () {
# Start background internet connection check
curl -m 3 http://example.com > /dev/null 2>&1 &
pid=$!
# Initialize the progress value
progress=0
# Loop to update the progress bar
while [ $progress -le 100 ]; do
# Check if curl is still running
if ! kill -0 "$pid" 2>/dev/null; then
# curl has finished
break
fi
# Update the progress bar
echo $progress
progress=$((progress + 33)) # Increase the progress without $/
sleep 1 # Wait 1 second
done | dialog --gauge "Checking Internet connection..." 6 35 0
# Check if the curl command was successful
wait $pid
exit_status=$?
if [ $exit_status -ne 0 ]; then
dialog --backtitle "Checking Internet connection" \
--title "Connection error" \
--msgbox "Internet access is not possible\nPlease check your connection" 6 35
NetworkMenu
fi
}
# checked
ItsOkInternet () {
dialog --backtitle "Internet OK !" \
--title " Result" \
--msgbox "Internet OK !" 5 17
}
# checked
InstallSudo () {
# Dialog window to get the username
user=$(dialog --title "Adding sudo user" --inputbox "Please enter the username to be added to the sudo group" 8 60 2>&1 1>/dev/tty)
# Check if the user exists using the 'getent passwd' command.
countus=$(getent passwd "$user" | cut -d: -f1)
case $countus in
"$user")
# The user exists, the script can continue.
# Installation of sudo in the background
if [ ! -x "/usr/pkg/bin/sudo" ]; then
checkInternetConnection
pkgin -y in sudo
fi
# Configuration of sudo after installation
groupadd sudo
# Check if the user is already in the sudo group
verifgroupsudo=$(getent group | grep sudo | grep -c "$user" | tr -d ' ')
if [ "$verifgroupsudo" -gt 0 ]; then
dialog --msgbox "The user is already a member of the sudo group" 5 50
else
# Adding the user to the sudo group
if ! usermod -G sudo "${user}"; then
dialog --msgbox "Adding the user to the sudo group failed" 7 44
return 1
fi
fi
# Uncomment the line for the sudo group.
sed -i "s/# %sudo/%sudo/" /usr/pkg/etc/sudoers
# Check if the user has been added to sudo group
verifgroupsudo=$(getent group | grep sudo | grep -c "$user" | tr -d ' ')
if [ "$verifgroupsudo" -gt 0 ]; then
dialog --msgbox "The user is now member of the sudo group" 5 45
fi
# Go back to Menu
UsersRightsMenu
;;
*)
# The user does not exist, display a message.
dialog --title "Erreur" --msgbox "This user does not exist" 5 28
InstallSudo
;;
esac
UsersRightsMenu
}
# checked
DesktopBundleApps () {
checkInternetConnection
# Menu Title
dialog --backtitle "Select programs" \
--title "Installing applications" \
--checklist "Select programs:" 30 70 20 \
firefox "Firefox web browser" off \
thunderbird "Thunderbird Mail Client" off \
keepassxc "KeePassXC password manager" off \
vlc "VLC multimedia player" off \
handbrake "HandBrake video encoder" off \
audacity "Audacity audio editor" off \
gimp "GIMP image editor" off \
ristretto "Ristretto image viewer" off \
youtube-dl "YouTube video downloader" off \
libreoffice "LibreOffice office suite" off \
unoconv "Unoconv document converter" off \
qpdfview "Qpdfview document viewer" off \
filezilla "FileZilla FTP client" off \
rclone "Rclone file transfer tool" off \
rclone-browser "Rclone GUI interface (kapintainsky)" off \
hexchat "HexChat IRC client" off \
pidgin "Pidgin messaging client" off \
psi "PSI messaging client" off \
wireshark "Wireshark network protocol analyzer" off \
nmap "Nmap network discovery tool" off \
zenmap "Nmap graphical interface (Zenmap)" off \
tor "Tor decentralized anonymous network" off \
openvpn "OpenVPN Virtual Private Network setup" off \
codeblocks "IDE for C/C++ development (Code::Blocks)" off \
EVERYTHING "Install every packages of the list" off 2>/tmp/choices
# Read the user choices from the temporary file.
choices=$(sed 's/"//g' < /tmp/choices)
# Count the number of selected programs.
num_choices=$(echo "$choices" | wc -w)
# Initialize the progress.
progress=0
(
# Install the selected programs.
for choice in $choices; do
# Calculate and update the progress.
progress=$((progress + 100 / num_choices))
echo $progress
if [ "$choice" = "EVERYTHING" ]; then
pkgin -y in firefox
echo 5
pkgin -y in thunderbird
echo 10
pkgin -y in keepassxc
echo 15
pkgin -y in vlc
echo 20
pkgin -y in handbrake
echo 25
pkgin -y in audacity
echo 30
pkgin -y in gimp
echo 35
pkgin -y in ristretto
echo 40
pkgin -y in youtube-dl
echo 45
pkgin -y in libreoffice
echo 50
pkgin -y in unoconv
echo 55
pkgin -y in qpdfview
echo 60
pkgin -y in filezilla
echo 65
pkgin -y in rclone
echo 70
pkgin -y in hexchat
echo 75
pkgin -y in pidgin
echo 80
pkgin -y in psi
echo 85
pkgin -y in wireshark
echo 90
pkgin -y in nmap
pkgin -y in zenmap
echo 95
pkgin -y in tor
pkgin -y in openvpn
pkgin -y in codeblocks
echo 100
else
if [ "$choice" = "rclone-browser" ]; then
pkgin install git cmake qt5-qtdeclarative rclone
cd /usr/pkg
git clone https://github.com/kapitainsky/RcloneBrowser.git
sed -i 's/QString::SkipEmptyParts/Qt::SkipEmptyParts/' /usr/pkg/RcloneBrowser/src/main_window.cpp
sed -i 's/player->start(stream, QProcess::ReadOnly);/QStringList arguments;\n arguments << stream;\n player->start("playerExecutable", arguments, QProcess::ReadOnly);/' /usr/pkg/RcloneBrowser/src/main_window.cpp
cd /usr/pkg/RcloneBrowser
mkdir build && cd build
cmake .. -DCMAKE_PREFIX_PATH:PATH=/usr/pkg/qt5 -DCMAKE_INSTALL_RPATH=/usr/pkg/qt5/lib
make
make install
else
pkgin -y in "$choice"
fi
fi
done
) | dialog --gauge "Installation in progress..." 6 32 0
# Go back to InstallProgramsMenu
InstallProgramsMenu
}
# checked
UsualTools () {
checkInternetConnection
#user=$(dialog --title "User" --inputbox "Please enter the username (not root!)" 8 50 2>&1 1>/dev/tty)
# Menu Title
dialog --backtitle "Utilities Selection" \
--title "Installing Utilities" \
--checklist "Select utilities:" 30 70 20 \
xfce4-thunar "Thunar File Manager" off \
xfce4-thunar-archive-plugin "Thunar Plugins" off \
xfce4-thunar-media-tags-plugin "Thunar Plugins" off \
xfce4-thunar-vcs-plugin "Thunar Plugins" off \
wget "wget Download Tool" off \
w3m "Text-based Web Browser" off \
lynx "Text-based Web Browser" off \
links "Text-based Web Browser" off \
rsync "rsync Sync and Backup Tool" off \
cesium "Text Editor" off \
emacs "Text Editor" off \
nano "Text Editor" off \
fuse "Foreign Filesystem Management" off \
fuse-ntfs "Foreign Filesystem Management" off \
fuse-exfat "Foreign Filesystem Management" off \
fuse-ext2 "Foreign Filesystem Management" off \
fuse-httpfs "Foreign Filesystem Management" off \
fuse-sshfs "Foreign Filesystem Management" off \
ntfsprogs "NTFS Partition Management" off \
dvd+rw-tools "CD/DVD/BD Burner" off \
cdrtools "CD/DVD/BD Burner" off \
wpa_gui "Wi-Fi Graphical Interface" off \
cups "Printing Server" off \
cups-filters "Printing Tools" off \
zip "Compression Tools" off \
unzip "Compression Tools" off \
bzip2 "Compression Tools" off \
bzip3 "Compression Tools" off \
htop "Diagnostic Tools" off \
hw-probe "Diagnostic Tools" off \
dbus "D-Bus System Message Bus" off \
tree "Tree Structure Display Tool" off \
git "Github Tools" off \
gh "Github Tools" off \
xscreensaver "xscreensaver Screensaver" off \
rdesktop "RDP Remote Desktop Tool" off \
remmina "Remmina Remote Desktop Client" off \
tigervnc "TigerVNC VNC client/server" off \
megatools "Mega Management Tools" off \
rp-pppoe "PPPoE connections" off \
EVERYTHING "Install every packages of the list" off 2>/tmp/util_choices
# Read the user choices from the temporary file.
util_choices=$(sed 's/"//g' < /tmp/util_choices)
# Count the number of selected utilities.
num_choices=$(echo "$util_choices" | wc -w)
# Initialize the progress.
progress=0
(
# Install the selected utilities.
for choice in $util_choices; do
# Calculate and update the progress.
progress=$((progress + 100 / num_choices))
echo $progress
if [ "$choice" = "EVERYTHING" ]; then
pkgin -y in xfce4-thunar
echo 2
pkgin -y in xfce4-thunar-archive-plugin
echo 4
pkgin -y in xfce4-thunar-media-tags-plugin
echo 6
pkgin -y in xfce4-thunar-vcs-plugin
echo 8
pkgin -y in wget
echo 10
pkgin -y in w3m
echo 12
pkgin -y in lynx
echo 14
pkgin -y in links
echo 16
pkgin -y in rsync
echo 18
pkgin -y in cesium
echo 20
pkgin -y in emacs
echo 22
pkgin -y in nano
echo 24
pkgin -y in fuse
echo 26
pkgin -y in fuse-ntfs
echo 28
pkgin -y in fuse-exfat
echo 30
pkgin -y in fuse-ext2
echo 32
pkgin -y in fuse-httpfs
echo 34
pkgin -y in fuse-sshfs
echo 36
pkgin -y in ntfsprogs
echo 38
pkgin -y in dvd+rw-tools
echo 40
pkgin -y in cdrtools
echo 42
pkgin -y in wpa_gui
echo 44
pkgin -y in cups
echo 46
pkgin -y in cups-filters
echo 48
pkgin -y in zip
echo 50
pkgin -y in unzip
echo 52
pkgin -y in bzip2
echo 54
pkgin -y in bzip3
echo 56
pkgin -y in htop
echo 58
pkgin -y in hw-probe
echo 60
pkgin -y in dbus
echo 62
pkgin -y in tree
echo 64
pkgin -y in git
echo 66
pkgin -y in gh
echo 68
pkgin -y in xscreensaver
echo 70
pkgin -y in rdesktop
echo 72
pkgin -y in remmina
echo 74
pkgin -y in tigervnc
echo 76
pkgin -y in megatools
echo 78
pkgin -y in rp-pppoe
mkdir /etc/ppp
cp /usr/pkg/share/examples/rp-pppoe/pppoe.conf /etc/ppp/
echo 80
cp /usr/pkg/share/examples/rc.d/* /etc/rc.d/
check=$(grep -o "cupsd=" < /etc/rc.conf | wc -l | tr -d ' ')
if [ "$check" -eq 0 ]; then
echo cupsd=YES
service cupsd start
else
sed -i'' 's/cupsd=NO/cupsd=YES/' /etc/rc.conf
sed -i'' 's/#cupsd=NO/cupsd=YES/' /etc/rc.conf
sed -i'' 's/#cupsd=YES/cupsd=YES/' /etc/rc.conf
fi
check=$(grep -o "dbus=" < /etc/rc.conf | wc -l | tr -d ' ')
if [ "$check" -eq 0 ]; then
echo dbus=YES >> /etc/rc.conf
service dbus start
else
sed -i'' 's/dbus=NO/dbus=YES/' /etc/rc.conf
sed -i'' 's/#dbus=NO/dbus=YES/' /etc/rc.conf
sed -i'' 's/#dbus=YES/dbus=YES/' /etc/rc.conf
fi
echo 100
# Go back to InstallProgramsMenu
InstallProgramsMenu
else
pkgin -y in "$choice"
fi
if [ "$choice" = "cups" ]; then
check=$(grep -o "cupsd=" < /etc/rc.conf | wc -l | tr -d ' ')
if [ "$check" -eq 0 ]; then
echo cupsd=YES
service cupsd start
else
sed -i'' 's/cupsd=NO/cupsd=YES/' /etc/rc.conf
sed -i'' 's/#cupsd=NO/cupsd=YES/' /etc/rc.conf
sed -i'' 's/#cupsd=YES/cupsd=YES/' /etc/rc.conf
fi
fi
if [ "$choice" = "dbus" ]; then
check=$(grep -o "dbus=" < /etc/rc.conf | wc -l | tr -d ' ')
if [ "$check" -eq 0 ]; then
echo dbus=YES
service dbus start
else
sed -i'' 's/dbus=NO/dbus=YES/' /etc/rc.conf
sed -i'' 's/#dbus=NO/dbus=YES/' /etc/rc.conf
sed -i'' 's/#dbus=YES/dbus=YES/' /etc/rc.conf
fi
fi
if [ "$choice" = "rp-pppoe" ]; then
cp /usr/pkg/share/examples/rc.d/* /etc/rc.d/
mkdir /etc/ppp
cp /usr/pkg/share/examples/rp-pppoe/pppoe.conf /etc/ppp/
fi
done
) | dialog --gauge "Installation in progress..." 6 32 0
# Go back to InstallProgramsMenu
InstallProgramsMenu
}
BuildTools () {
checkInternetConnection
#user=$(dialog --title "User" --inputbox "Please enter the username (not root!)" 8 50 2>&1 1>/dev/tty)
# Menu Title
dialog --backtitle "Build Tools Selection" \
--title "Installing Build Tools" \
--checklist "Select Tools:" 30 70 20 \
bmake "Build tool for NetBSD" off \
gcc13 "GNU Compiler Collection" off \
binutils "Binary utilities" off \
m4 "Macro processor" off \
cmake "Cross-platform make" off \
autoconf "Automatic configure script builder" off \
automake "Tool for generating Makefile.in files" off \
libtool "Generic library support script" off \
pkg-config "Package configuration tool" off \
cvs "Concurrent Versions System" off \
git "Distributed version control system" off \
groff "GNU troff text-formatting system" off \
gtexinfo "GNU documentation system" off \
openssl "Toolkit for SSL/TLS" off \
zlib "Compression library" off \
gdb "GNU Debugger" off \
EVERYTHING "Install every package from the list" off 2>/tmp/util_choices
# Read the user choices from the temporary file.
util_choices=$(sed 's/"//g' < /tmp/util_choices)
# Count the number of selected utilities.
num_choices=$(echo "$util_choices" | wc -w)
# Initialize the progress.
progress=0
(
# Install the selected utilities.
for choice in $util_choices; do
# Calculate and update the progress.
progress=$((progress + 100 / num_choices))
echo $progress
if [ "$choice" = "EVERYTHING" ]; then
pkgin -y in bmake
echo 5
pkgin -y in gcc13
echo 10
pkgin -y in binutils
echo 15
pkgin -y in m4
echo 20
pkgin -y in cmake
echo 25
pkgin -y in autoconf
echo 30
pkgin -y in automake
echo 35
pkgin -y in libtool
echo 40
pkgin -y in pkg-config
echo 45
pkgin -y in cvs
echo 50
pkgin -y in git
echo 55
pkgin -y in groff
echo 60
pkgin -y in gtexinfo
echo 65
pkgin -y in openssl
echo 70
pkgin -y in zlib
echo 80
pkgin -y in gdb
echo 100
else
pkgin -y in "$choice"
fi
done
) | dialog --gauge "Installation in progress..." 6 32 0
# Go back to InstallProgramsMenu
InstallProgramsMenu
}
# checked
xfce4 () {
dialog --yesno "This installer will set up XFCE4 and Slim automatically\nIt will not care about graphics, so if you don't already have a correct display with CTWM, you should not go on with XFCE4\n\nYou must have installed a complete version of NetBSD (with X) in order to get it working because this script will not install X\n\nAn already existing username will be asked in order to configure XFCE4 to start automatically after Slim authentication\n\nOff course, you must be connected to internet.\n\nOne last thing (and not the least): you absolutely must install the applications and utilities (menu 4 - Programs) BEFORE going on installing XFCE/Slim or you'll face a lot of conflicts after" 20 70
goon_ornot=$?
if [ $goon_ornot -eq 1 ]; then
MainMenu
fi
checkInternetConnection
user=$(dialog --title "User" --inputbox "Please enter the username (not root !)" 8 45 2>&1 1>/dev/tty)
{
# Install Slim
pkgin -y in slim > /dev/null 2>&1
echo 50
pkgin -y in slim-themes > /dev/null 2>&1
checkslim=$(grep -o "slim=YES" < /etc/rc.conf | sort | uniq | wc -l | tr -d ' ')
if [ "$checkslim" -eq 0 ]; then
echo slim=YES >> /etc/rc.conf
sed -i "s/current_theme original/current_theme minimal/" /usr/pkg/etc/slim.conf
fi
sed -i "s/xdm=YES/xdm=NO/" /etc/rc.conf
echo 100
} | dialog --gauge "Installing Slim..." 6 23 0
{
# Install Xfce4
pkgin -y in elementary-xfce-icon-theme > /dev/null 2>&1
echo 2
pkgin -y in libxfce4ui > /dev/null 2>&1
echo 4
pkgin -y in libxfce4util > /dev/null 2>&1
echo 6
pkgin -y in ristretto > /dev/null 2>&1
echo 8
pkgin -y in xfburn > /dev/null 2>&1
echo 10
pkgin -y in xfce4 > /dev/null 2>&1
echo 12
pkgin -y in xfce4-appfinder > /dev/null 2>&1
echo 14
pkgin -y in xfce4-battery-plugin > /dev/null 2>&1
echo 16
pkgin -y in xfce4-calculator-plugin > /dev/null 2>&1
echo 18
pkgin -y in xfce4-clipman-plugin > /dev/null 2>&1
echo 20
pkgin -y in xfce4-conf > /dev/null 2>&1
echo 21
pkgin -y in xfce4-cpugraph-plugin > /dev/null 2>&1
echo 23
pkgin -y in xfce4-dashboard > /dev/null 2>&1
echo 24
pkgin -y in xfce4-desktop > /dev/null 2>&1
echo 26
pkgin -y in xfce4-dev-tools > /dev/null 2>&1
echo 27
pkgin -y in xfce4-dict > /dev/null 2>&1
echo 29
pkgin -y in xfce4-diskperf-plugin > /dev/null 2>&1
echo 30
pkgin -y in xfce4-exo > /dev/null 2>&1
echo 31
pkgin -y in xfce4-extras > /dev/null 2>&1
echo 33
pkgin -y in xfce4-eyes-plugin > /dev/null 2>&1
echo 34
pkgin -y in xfce4-fsguard-plugin > /dev/null 2>&1
echo 36
pkgin -y in xfce4-garcon > /dev/null 2>&1
echo 37
pkgin -y in xfce4-genmon-plugin > /dev/null 2>&1
echo 38
pkgin -y in xfce4-icon-theme > /dev/null 2>&1
echo 40
pkgin -y in xfce4-indicator-plugin > /dev/null 2>&1
echo 41
pkgin -y in xfce4-mailwatch-plugin > /dev/null 2>&1
echo 42
pkgin -y in xfce4-mount-plugin > /dev/null 2>&1
echo 50
pkgin -y in xfce4-mousepad > /dev/null 2>&1
echo 52
pkgin -y in xfce4-mpc-plugin > /dev/null 2>&1
echo 54
pkgin -y in xfce4-netload-plugin > /dev/null 2>&1
echo 56
pkgin -y in xfce4-notes-plugin > /dev/null 2>&1
echo 58
pkgin -y in xfce4-notifyd > /dev/null 2>&1
echo 60
pkgin -y in xfce4-orage > /dev/null 2>&1
echo 62
pkgin -y in xfce4-panel > /dev/null 2>&1
echo 64
pkgin -y in xfce4-places-plugin > /dev/null 2>&1
echo 66
pkgin -y in xfce4-power-manager > /dev/null 2>&1
echo 68
pkgin -y in xfce4-screenshooter > /dev/null 2>&1
echo 70
pkgin -y in xfce4-session > /dev/null 2>&1
echo 72
pkgin -y in xfce4-settings > /dev/null 2>&1
echo 73
pkgin -y in xfce4-smartbookmark-plugin > /dev/null 2>&1
echo 75
pkgin -y in xfce4-systemload-plugin > /dev/null 2>&1
echo 76
pkgin -y in xfce4-taskmanager > /dev/null 2>&1
echo 78
pkgin -y in xfce4-terminal > /dev/null 2>&1
echo 79
pkgin -y in xfce4-thunar > /dev/null 2>&1
echo 80
pkgin -y in xfce4-thunar-archive-plugin > /dev/null 2>&1
echo 81
pkgin -y in xfce4-thunar-media-tags-plugin > /dev/null 2>&1
echo 83
pkgin -y in xfce4-thunar-vcs-plugin > /dev/null 2>&1
echo 84
pkgin -y in xfce4-time-out-plugin > /dev/null 2>&1
echo 85
pkgin -y in xfce4-timer-plugin > /dev/null 2>&1
echo 87
pkgin -y in xfce4-tumbler > /dev/null 2>&1
echo 88
pkgin -y in xfce4-verve-plugin > /dev/null 2>&1
echo 89
pkgin -y in xfce4-wavelan-plugin > /dev/null 2>&1
echo 90
pkgin -y in xfce4-weather-plugin > /dev/null 2>&1
echo 91
pkgin -y in xfce4-whiskermenu-plugin > /dev/null 2>&1
echo 93
pkgin -y in xfce4-wm > /dev/null 2>&1
echo 94
pkgin -y in xfce4-wm-themes > /dev/null 2>&1
echo 96
pkgin -y in xfce4-xkb-plugin > /dev/null 2>&1
echo 97
cp /usr/pkg/share/examples/rc.d/* /etc/rc.d/
echo 100
} | dialog --gauge "Installing Xfce..." 6 23 0
dialog --yesno "Would you like to set XFCE to French?" 5 46
xfce4_french=$?
if [ $xfce4_french -eq 0 ]; then
echo 'export LANG="fr_FR.UTF-8"' > /home/"$user"/.xsession
echo 'export LC_CTYPE="fr_FR.UTF-8"' >> /home/"$user"/.xsession
echo "startxfce4" >> /home/"$user"/.xsession
else
echo "startxfce4" > /home/"$user"/.xsession
fi
#echo 'export LANG="fr_FR.UTF-8"' > /home/$user/.xinitrc
#echo 'export LC_CTYPE="fr_FR.UTF-8"' >> /home/$user/.xinitrc
#echo "startxfce4" >> /home/$user/.xinitrc
#echo "startx" >> /home/$user/.profile
dialog --yesno "Would you like to restart now?" 5 34
restart_now=$?
if [ $restart_now -eq 0 ]; then
reboot
fi
MainMenu
}
# checked
PareFeu () {
echo "This script will allow you to quickly configure the NPF firewall
It provides a file of standard rules that will be placed in /etc/npf.conf
By default, the provided rules file will block all incoming traffic except for SSH (tcp/22) and allow all outgoing traffic in a stateful manner
A blocklist table for fail2ban is also present, with a blocking rule associated in case you install fail2ban later
However, the file contains a bunch of additional commented rules that will allow you to quickly adapt the configuration to your needs
The next screen will display the provided rules file in a text editor
You can make modifications as needed.
Once you have made your modifications, exit the file and save it without changing its location
At the end, you will be asked whether you confirm or not the application of the rules and the start of the firewall" > /tmp/ZRzepinzenr.tmp
fold -s -w 67 /tmp/ZRzepinzenr.tmp > /tmp/ZR2zepinzenr.tmp
dialog --title "NPF configuration" --textbox /tmp/ZR2zepinzenr.tmp 20 70
rm /tmp/ZR2zepinzenr.tmp /tmp/ZRzepinzenr.tmp
if [ -e "/etc/npf.conf" ]; then
dialog --yesno "A rule file already exists in /etc/npf.conf.\nDo you want to edit the current file or delete it and start over with the default configuration?" 7 53
check_file=$?
if [ $check_file -eq 0 ]; then
pico /etc/npf.conf
dialog --yesno "Do you want to activate the NPF firewall?\n\nIf you are connected via SSH, the connection will be lost upon activation.\nHowever, if you haven't modified the rule allowing SSH traffic, you will be able to reconnect immediately." 11 60
activate_npf=$?
if [ $activate_npf -eq 0 ]; then
checknpf=$(grep -o "npf=" < /etc/rc.conf | sort | uniq | wc -l | tr -d ' ')
if [ "$checknpf" -eq 0 ]; then
echo npf=YES >> /etc/rc.conf
else
sed -i'' 's/npf=NO/npf=YES/' /etc/rc.conf
sed -i'' 's/#npf=YES/npf=YES/' /etc/rc.conf
sed -i'' 's/#npf=NO/npf=YES/' /etc/rc.conf
fi
npfctl start
npfctl reload /etc/npf.conf
fi
SecurityMenu
fi
fi
# Creating the rules file:
{
echo "########################################################################"
echo " "
echo "# 1 - Provide information about your network interface(s):"
echo " "
echo "# WAN Interface :"
echo "\$WAN_if = \"wm0\""
echo "\$WAN_addrs = ifaddrs(wm0)"
echo " "
echo "# LAN Interface :"
echo "# (Uncomment the following only if the server acts as a gateway)"
echo "#\$LAN_if = \"wm1\""
echo "#\$LAN_addrs = ifaddrs(wm1)"
echo " "
echo 'alg "icmp"'
echo " "
echo "########################################################################"
echo " "
echo "# 2 - Define the networks"
echo " "
echo "# The RFC protects the server from private networks in case it is directly facing the internet."
echo "# (Uncomment only if the WAN IP is a public IP address)"
echo "#\$RFC1918 = { 10.0.0.0/8, 172.16.0.0/14, 192.168.0.0/16 }"
echo " "
echo "# (Uncomment only if the server acts as a gateway)"
echo "#\$LAN_net = { 10.10.10.0/24 }"
echo " "
echo "########################################################################"
echo " "
echo "# 3 - Create a NAT mapping for the LAN."
echo " "
echo "# (Uncomment only if the server acts as a gateway)"
echo "#map inet4(\$WAN_if) dynamic \$LAN_net -> inet4(\$WAN_if)"
echo " "
echo "########################################################################"
echo " "
echo "# 4 - Create a procedure for logging connections:"
echo " "
echo 'procedure "log" {'
echo ' # Send all events to a log (see npfd))'
echo ' log: npflog0'
echo '}'
echo " "
echo "########################################################################"
echo " "
echo "# 5 - Create tables"
echo " "
echo "# Create a table for fail2ban"
echo "table <fail2ban> type ipset"
echo " "
echo "########################################################################"
echo " "
echo "# 6 - Rule group for the WAN interface:"
echo " "
echo "group \"WAN\" on \$WAN_if {"
echo " "
echo " # Block IP from fail2ban table"
echo " block in final from <fail2ban> apply \"log\""
echo " "
echo " # Allow all stateful outgoing traffic by selecting the protocol:"
echo " #pass stateful out final proto tcp all"
echo " #pass stateful out final proto udp all"
echo " #pass stateful out final proto icmp all"
echo " #pass stateful out final proto ipv6-icmp all"
echo " "
echo " # Allow all stateful outgoing traffic (all protocols)."
echo " pass stateful out final all"
echo " "
echo " # SSH: Allow SSH connections to the server"
echo " pass stateful in on \$WAN_if proto tcp to \$WAN_addrs port ssh"
echo " "
echo " # Web Server: Allow HTTP and HTTPS connections to the server"
echo " #pass in final proto tcp from any to \$WAN_addrs port http"
echo " #pass in final proto tcp from any to \$WAN_addrs port https"
echo " "
echo " # DHCP: Allow incoming responses from the DHCP server."
echo " #pass in family inet4 proto udp from any port bootps to any port bootpc"
echo " #pass in family inet6 proto udp from any to any port \"dhcpv6-client\""
echo " "
echo " # Ping: Allow incoming ping requests"
echo ' #pass in family inet4 proto icmp icmp-type echo all'
echo ' #pass in final proto icmp icmp-type echo all'
echo ' #pass in final proto icmp icmp-type timxceed all'
echo ' #pass in final proto icmp icmp-type unreach all'
echo ' #pass in final proto icmp icmp-type echoreply all'
echo ' #pass in final proto icmp icmp-type sourcequench all'
echo ' #pass in final proto icmp icmp-type paramprob all'
echo ' #pass in final proto ipv6-icmp all'
echo ' #pass family inet6 proto ipv6-icmp all'
echo " "
echo ' # Traceroute: Allow incoming traceroute.'
echo ' #pass in proto udp to any port 33434-33600'
echo " "
echo ' # DNS: Allow incoming DNS requests'
echo ' #pass stateful out final proto udp to any port domain'
echo " "
echo ' # mDNS: Allow local traffic'
echo ' #pass in proto udp to any port mdns'
echo " "
echo ' # Block private networks:'
echo " #block in final from \$RFC1918 apply \"log\""
echo " #block out final to \$RFC1918 apply \"log\""
echo " "
echo ' # Forbidden IPs: (separate configuration)'
echo ' # ruleset "blacklistd"'
echo " "
echo " # IP Spoofing: Protect yourself (be careful not to cut off SSH access!)"
echo ' #block in final from 127.0.0.1 apply "log"'
echo " "
echo ' # L2TP/IPSEC-NAT-T Tunnels.'
echo " #pass in final proto esp from any to inet4(\$WAN_if)"
echo " #pass out final proto esp from inet4(\$WAN_if) to any"
echo " #pass stateful in final from any to inet4(\$WAN_if) port \"ipsec-nat-t\""
echo " #pass stateful in final from any to inet4(\$WAN_if) port l2tp"
echo " "
echo ' # IGMP on 224.0.0.1.'
echo ' #pass in final proto igmp all'
echo ' #pass in final from any to 224.0.0.0/4'
echo " "
echo ' # VNC'
echo " #pass in final proto tcp from any to any port 5900"
echo " "
echo '}'
echo " "
echo "########################################################################"
echo " "
echo "# 7 - Rule group for the LAN interface:"
echo " "
echo "# (This group manages rules for the LAN interface when the server acts as a gateway)"
echo " "
echo "#group \"LAN\" on \$LAN_if {"
echo " "
echo " # Allow stateful incoming and outgoing traffic"
echo ' #pass stateful out final all'
echo ' #pass stateful in final all'
echo " "
echo " # Allow connections from the LAN network:"
echo " #pass in final from \$LAN_net"
echo " "
echo " # Allow all traffic"
echo " #pass in final all"
echo " #pass out final all"
echo " "
echo '#}'
echo " "
echo "########################################################################"
echo " "
echo "# 8 - Default rule group:"
echo " "
echo 'group default {'
echo " "
echo ' # Loopback : Allow traffic'
echo " pass final on lo0 all"
echo " "
echo ' # Close the firewall'
echo ' block all apply "log"'
echo " "
echo '}'
echo "########################################################################"
} > /etc/npf.conf
pico /etc/npf.conf
dialog --yesno "Do you want to activate the NPF firewall?\n\nIf you are connected via SSH, the connection will be lost upon activation.\nHowever, if you haven't modified the rule allowing SSH traffic, you will be able to reconnect immediately." 10 60
activate_npf=$?
if [ $activate_npf -eq 0 ]; then
checknpf=$(grep -o "npf=" < /etc/rc.conf | sort | uniq | wc -l | tr -d ' ')
if [ "$checknpf" -eq 0 ]; then
# Launch NPF at startup:
echo npf=YES >> /etc/rc.conf
else
# Launch NPF at startup:
sed -i'' 's/npf=NO/npf=YES/' /etc/rc.conf
sed -i'' 's/#npf=YES/npf=YES/' /etc/rc.conf
sed -i'' 's/#npf=NO/npf=YES/' /etc/rc.conf
fi
# Start NPF, load the rules
npfctl start
npfctl reload /etc/npf.conf
fi
PareFeuMenu
}
# checked
ShowRulesNPF () {
if [ ! -e "/etc/npf.conf" ]; then
dialog --msgbox "The firewall is not yet configured." 5 38
PareFeuMenu
fi
npfctl show > /tmp/Gzebpnief.tmp
dialog --textbox /tmp/Gzebpnief.tmp 0 0
rm /tmp/Gzebpnief.tmp
PareFeuMenu
}
# checked
InstallFail2ban () {
{
# check if fail2ban is already installed
if [ ! -e /usr/pkg/bin/fail2ban-server ]; then
checkInternetConnection
echo 10
pkgin -y in fail2ban > /dev/null 2>&1
echo 50
cp /usr/pkg/share/examples/rc.d/fail2ban /etc/rc.d/
# check for fail2ban in /etc/rc.conf
check=$(grep -o 'fail2ban=' < /etc/rc.conf | sort | uniq | tr -d ' ')
if [ "$check" -eq 0 ]; then
echo fail2ban=YES >> /etc/rc.conf
else
sed -i'' "s/fail2ban=NO/fail2ban=YES/" /etc/rc.conf
sed -i'' "s/#fail2ban=YES/fail2ban=YES/" /etc/rc.conf
sed -i'' "s/#fail2ban=NO/fail2ban=YES/" /etc/rc.conf
fi
# check for other things :
mkdir /usr/pkg/etc/fail2ban/filter.d/ignorecommands
cp /usr/pkg/share/examples/fail2ban/filter.d/ignorecommands/apache-fakegooglebot /usr/pkg/etc/fail2ban/filter.d/ignorecommands/
chmod 0644 /usr/pkg/etc/fail2ban/filter.d/ignorecommands/apache-fakegooglebot
fi
echo 100
} | dialog --gauge "Check for fail2ban..." 6 25 0
# checking for NPF correct configuration for fail2ban :
if [ ! -e /etc/npf.conf ]; then
dialog --yesno "To allow fail2ban to function properly, the NPF firewall must be configured and started beforehand\n\nDo you want to configure NPF now?" 9 70
npfnow_ornot=$?
if [ $npfnow_ornot -eq 0 ]; then
PareFeu
fi
fi
#Check for previous configuration
if [ -e /usr/pkg/etc/fail2ban/jail.local ]; then
dialog --yesno "A previous configuration of Fail2ban has been found\n\nWould you like to edit it (Yes) or start from a new configuration (No)" 8 70
new_ornot=$?
if [ $new_ornot -eq 1 ]; then
# Standard fail2ban.local :
{
echo '[INCLUDES]'
echo 'before = paths-pkgsrc.conf'
echo ''
echo '[DEFAULT]'
echo 'ignoreip = 127.0.0.1/8'
echo 'bantime = 10m'
echo 'findtime = 10m'
echo 'maxretry = 5'
echo 'maxmatches = %(maxretry)s'
echo 'backend = auto'
echo 'usedns = warn'
echo 'logencoding = auto'
echo 'enabled = false'
echo 'mode = normal'
echo 'filter = %(__name__)s[mode=%(mode)s]'
echo ''
echo 'destemail = root@localhost'
echo 'sender = root@<fq-hostname>'
echo 'mta = sendmail'
echo 'protocol = tcp'
echo 'chain = <known/chain>'
echo 'port = 0:65535'
echo 'fail2ban_agent = Fail2Ban/%(fail2ban_version)s'
echo ''
echo 'banaction = npf'
echo ''
echo '[sshd]'
echo '# To use more aggressive sshd modes set filter parameter "mode" in jail.local:'
echo '# normal (default), ddos, extra or aggressive (combines all).'
echo '# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.'
echo '#mode = normal'
echo 'enabled = true'
echo 'port = ssh'
echo 'logpath = /var/log/authlog'
echo 'backend = %(sshd_backend)s'
echo ''
echo '[dropbear]'
echo 'port = ssh'
echo 'logpath = %(dropbear_log)s'
echo 'backend = %(dropbear_backend)s'
echo ''
echo '[selinux-ssh]'
echo 'port = ssh'
echo 'logpath = %(auditd_log)s'
echo ''
echo '#'
echo '# HTTP servers'
echo '#'
echo '[apache-auth]'
echo 'port = http,https'
echo 'logpath = %(apache_error_log)s'
echo ''
echo '[apache-badbots]'
echo '# Ban hosts which agent identifies spammer robots crawling the web'
echo '# for email addresses. The mail outputs are buffered.'
echo 'port = http,https'
echo 'logpath = %(apache_access_log)s'
echo 'bantime = 48h'
echo 'maxretry = 1'
echo ''
echo '[apache-noscript]'
echo 'port = http,https'
echo 'logpath = %(apache_error_log)s'
echo ''
echo '[apache-overflows]'
echo 'port = http,https'
echo 'logpath = %(apache_error_log)s'
echo 'maxretry = 2'
echo ''
echo '[apache-nohome]'
echo 'port = http,https'
echo 'logpath = %(apache_error_log)s'
echo 'maxretry = 2'
echo ''
echo '[apache-botsearch]'
echo 'port = http,https'
echo 'logpath = %(apache_error_log)s'
echo 'maxretry = 2'
echo ''
echo '[apache-fakegooglebot]'
echo 'port = http,https'
echo 'logpath = %(apache_access_log)s'
echo 'maxretry = 1'
echo 'ignorecommand = %(fail2ban_confpath)s/filter.d/ignorecommands/apache-fakegooglebot <ip>'
echo ''
echo '[apache-modsecurity]'
echo 'port = http,https'
echo 'logpath = %(apache_error_log)s'
echo 'maxretry = 2'
echo ''
echo '[apache-shellshock]'
echo 'port = http,https'
echo 'logpath = %(apache_error_log)s'
echo 'maxretry = 1'
echo ''
echo '[openhab-auth]'
echo 'filter = openhab'
echo 'banaction = %(banaction_allports)s'
echo 'logpath = /opt/openhab/logs/request.log'
echo ''
echo '# To use more aggressive http-auth modes set filter parameter "mode" in jail.local:'
echo '# normal (default), aggressive (combines all), auth or fallback'
echo '[nginx-http-auth]'
echo '# mode = normal'
echo 'port = http,https'
echo 'logpath = %(nginx_error_log)s'
echo ''
echo "# To use 'nginx-limit-req' jail you should have \`ngx_http_limit_req_module\`"
echo "# and define \`limit_req\` and \`limit_req_zone\` as described in nginx documentation"
echo '# http://nginx.org/en/docs/http/ngx_http_limit_req_module.html'
echo '# or for example see in '\''config/filter.d/nginx-limit-req.conf'\'''
echo '[nginx-limit-req]'
echo 'port = http,https'
echo 'logpath = %(nginx_error_log)s'
echo ''
echo '[nginx-botsearch]'
echo 'port = http,https'
echo 'logpath = %(nginx_error_log)s'
echo ''
echo '[nginx-bad-request]'
echo 'port = http,https'
echo 'logpath = %(nginx_access_log)s'
echo ''
echo "# Ban attackers that try to use PHP's URL-fopen() functionality"
echo '# through GET/POST variables. - Experimental, with more than a year'
echo '# of usage in production environments.'
echo ''
echo '[php-url-fopen]'
echo 'port = http,https'
echo 'logpath = %(nginx_access_log)s'
echo ' %(apache_access_log)s'
echo ''
echo '[suhosin]'
echo 'port = http,https'
echo 'logpath = %(suhosin_log)s'
echo ''
echo '[lighttpd-auth]'
echo '# Same as above for Apache'\''s mod_auth'
echo '# It catches wrong authentifications'
echo 'port = http,https'
echo 'logpath = %(lighttpd_error_log)s'
echo ''
echo '#'
echo '# Webmail and groupware servers'
echo '#'
echo '[roundcube-auth]'
echo 'port = http,https'
echo 'logpath = %(roundcube_errors_log)s'
echo '# Use following line in your jail.local if roundcube logs to journal.'
echo '#backend = %(syslog_backend)s'
echo ''
echo '[openwebmail]'
echo 'port = http,https'
echo 'logpath = /var/log/openwebmail.log'
echo ''
echo '[horde]'
echo 'port = http,https'
echo 'logpath = /var/log/horde/horde.log'
echo ''
echo '[groupoffice]'
echo 'port = http,https'
echo 'logpath = /home/groupoffice/log/info.log'
echo ''
echo '[sogo-auth]'
echo '# Monitor SOGo groupware server'
echo '# without proxy this would be:'
echo '# port = 20000'
echo 'port = http,https'
echo 'logpath = /var/log/sogo/sogo.log'
echo ''
echo '[tine20]'
echo 'logpath = /var/log/tine20/tine20.log'
echo 'port = http,https'
echo ''
echo '#'
echo '# Web Applications'
echo '#'
echo '[drupal-auth]'
echo 'port = http,https'
echo 'logpath = %(syslog_daemon)s'
echo 'backend = %(syslog_backend)s'
echo ''
echo '[guacamole]'
echo 'port = http,https'
echo 'logpath = /var/log/tomcat*/catalina.out'
echo '#logpath = /var/log/guacamole.log'
echo ''
echo '[monit]'
echo '#Ban clients brute-forcing the monit gui login'
echo 'port = 2812'
echo 'logpath = /var/log/monit'
echo ' /var/log/monit.log'
echo ''
echo '[webmin-auth]'
echo 'port = 10000'
echo 'logpath = %(syslog_authpriv)s'
echo 'backend = %(syslog_backend)s'
echo ''
echo '[froxlor-auth]'
echo 'port = http,https'
echo 'logpath = %(syslog_authpriv)s'
echo 'backend = %(syslog_backend)s'
echo ''
echo '#'
echo '# HTTP Proxy servers'
echo '#'
echo '[squid]'
echo 'port = 80,443,3128,8080'
echo 'logpath = /var/log/squid/access.log'
echo ''
echo '[3proxy]'
echo 'port = 3128'
echo 'logpath = /var/log/3proxy.log'
echo ''
echo '#'
echo '# FTP servers'
echo '#'
echo '[proftpd]'
echo 'port = ftp,ftp-data,ftps,ftps-data'
echo 'logpath = %(proftpd_log)s'
echo 'backend = %(proftpd_backend)s'
echo ''
echo '[pure-ftpd]'
echo 'port = ftp,ftp-data,ftps,ftps-data'
echo 'logpath = %(pureftpd_log)s'
echo 'backend = %(pureftpd_backend)s'
echo ''
echo '[gssftpd]'
echo 'port = ftp,ftp-data,ftps,ftps-data'
echo 'logpath = %(syslog_daemon)s'
echo 'backend = %(syslog_backend)s'
echo ''
echo '[wuftpd]'
echo 'port = ftp,ftp-data,ftps,ftps-data'
echo 'logpath = %(wuftpd_log)s'
echo 'backend = %(wuftpd_backend)s'
echo ''
echo '[vsftpd]'
echo '# or overwrite it in jails.local to be'
echo '# logpath = %(syslog_authpriv)s'
echo '# if you want to rely on PAM failed login attempts'
echo "# vsftpd's failregex should match both of those formats"
echo 'port = ftp,ftp-data,ftps,ftps-data'
echo 'logpath = %(vsftpd_log)s'
echo ''
echo '#'
echo '# Mail servers'
echo '#'
echo '# ASSP SMTP Proxy Jail'
echo '[assp]'
echo 'port = smtp,465,submission'
echo 'logpath = /root/path/to/assp/logs/maillog.txt'
echo ''
echo '[courier-smtp]'
echo 'port = smtp,465,submission'
echo 'logpath = %(syslog_mail)s'
echo 'backend = %(syslog_backend)s'
echo ''
echo '[postfix]'
echo '# To use another modes set filter parameter "mode" in jail.local:'
echo 'mode = more'
echo 'port = smtp,465,submission'
echo 'logpath = %(postfix_log)s'
echo 'backend = %(postfix_backend)s'
echo ''
echo '[postfix-rbl]'
echo 'filter = postfix[mode=rbl]'
echo 'port = smtp,465,submission'
echo 'logpath = %(postfix_log)s'
echo 'backend = %(postfix_backend)s'
echo 'maxretry = 1'
echo ''
echo '[sendmail-auth]'
echo 'port = submission,465,smtp'
echo 'logpath = %(syslog_mail)s'
echo 'backend = %(syslog_backend)s'
echo ''
echo '[sendmail-reject]'
echo '# To use more aggressive modes set filter parameter "mode" in jail.local:'
echo '# normal (default), extra or aggressive'
echo '# See "tests/files/logs/sendmail-reject" or "filter.d/sendmail-reject.conf" for usage example and details.'
echo '#mode = normal'
echo 'port = smtp,465,submission'
echo 'logpath = %(syslog_mail)s'
echo 'backend = %(syslog_backend)s'
echo ''
echo '[qmail-rbl]'
echo 'filter = qmail'
echo 'port = smtp,465,submission'
echo 'logpath = /service/qmail/log/main/current'
echo ''
echo '# dovecot defaults to logging to the mail syslog facility'
echo '# but can be set by syslog_facility in the dovecot configuration.'
echo '[dovecot]'
echo 'port = pop3,pop3s,imap,imaps,submission,465,sieve'
echo 'logpath = %(dovecot_log)s'
echo 'backend = %(dovecot_backend)s'
echo ''
echo '[sieve]'
echo 'port = smtp,465,submission'
echo 'logpath = %(dovecot_log)s'
echo 'backend = %(dovecot_backend)s'
echo ''
echo '[solid-pop3d]'
echo 'port = pop3,pop3s'
echo 'logpath = %(solidpop3d_log)s'
echo ''
echo '[exim]'
echo '# see filter.d/exim.conf for further modes supported from filter:'
echo '#mode = normal'
echo 'port = smtp,465,submission'
echo 'logpath = %(exim_main_log)s'
echo ''
echo '[exim-spam]'
echo 'port = smtp,465,submission'
echo 'logpath = %(exim_main_log)s'
echo ''
echo '[kerio]'
echo 'port = imap,smtp,imaps,465'
echo 'logpath = /opt/kerio/mailserver/store/logs/security.log'
echo ''
echo '#'
echo '# Mail servers authenticators: might be used for smtp,ftp,imap servers, so'
echo '# all relevant ports get banned'
echo '#'
echo ''
echo '[courier-auth]'
echo 'port = smtp,465,submission,imap,imaps,pop3,pop3s'
echo 'logpath = %(syslog_mail)s'
echo 'backend = %(syslog_backend)s'
echo ''
echo '[postfix-sasl]'
echo 'filter = postfix[mode=auth]'
echo 'port = smtp,465,submission,imap,imaps,pop3,pop3s'
echo '# You might consider monitoring /var/log/mail.warn instead if you are'
echo '# running postfix since it would provide the same log lines at the'
echo '# "warn" level but overall at the smaller filesize.'
echo 'logpath = %(postfix_log)s'
echo 'backend = %(postfix_backend)s'
echo ''
echo '[perdition]'
echo 'port = imap,imaps,pop3,pop3s'
echo 'logpath = %(syslog_mail)s'
echo 'backend = %(syslog_backend)s'
echo ''
echo '[squirrelmail]'
echo 'port = smtp,465,submission,imap,imap2,imaps,pop3,pop3s,http,https,socks'
echo 'logpath = /var/db/squirrelmail/prefs/squirrelmail_access_log'
echo ''
echo '[cyrus-imap]'
echo 'port = imap,imaps'
echo 'logpath = %(syslog_mail)s'
echo 'backend = %(syslog_backend)s'
echo ''
echo '[uwimap-auth]'
echo 'port = imap,imaps'
echo 'logpath = %(syslog_mail)s'
echo 'backend = %(syslog_backend)s'
echo ''
echo '#'
echo '#'
echo '# DNS servers'
echo '#'
echo ''
echo '#'
echo '#'
echo '# !!! WARNING !!!'
echo '# Since UDP is connection-less protocol, spoofing of IP and imitation'
echo '# of illegal actions is way too simple. Thus enabling of this filter'
echo '# might provide an easy way for implementing a DoS against a chosen'
echo '# victim. See'
echo '# http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html'
echo '# Please DO NOT USE this jail unless you know what you are doing.'
echo '#'
echo '# IMPORTANT: see filter.d/named-refused for instructions to enable logging'
echo '# This jail blocks UDP traffic for DNS requests.'
echo '# [named-refused-udp]'
echo '#'
echo '# filter = named-refused'
echo '# port = domain,953'
echo '# protocol = udp'
echo '# logpath = /var/log/named/security.log'
echo '#'
echo '#'
echo '# IMPORTANT: see filter.d/named-refused for instructions to enable logging'
echo '# This jail blocks TCP traffic for DNS requests.'
echo ''
echo ''
echo '[named-refused]'
echo 'port = domain,953'
echo 'logpath = /var/log/named/security.log'
echo ''
echo ''
echo '[nsd]'
echo 'port = 53'
echo 'action_ = %(default/action_)s[name=%(__name__)s-tcp, protocol="tcp"]'
echo ' %(default/action_)s[name=%(__name__)s-udp, protocol="udp"]'
echo 'logpath = /var/log/nsd.log'
echo ''
echo '#'
echo '# Miscellaneous'
echo '#'
echo ''
echo '[asterisk]'
echo 'port = 5060,5061'
echo 'action_ = %(default/action_)s[name=%(__name__)s-tcp, protocol="tcp"]'
echo ' %(default/action_)s[name=%(__name__)s-udp, protocol="udp"]'
echo 'logpath = /var/log/asterisk/messages'
echo 'maxretry = 10'
echo ''
echo '[freeswitch]'
echo 'port = 5060,5061'
echo 'action_ = %(default/action_)s[name=%(__name__)s-tcp, protocol="tcp"]'
echo ' %(default/action_)s[name=%(__name__)s-udp, protocol="udp"]'
echo 'logpath = /var/log/freeswitch.log'
echo 'maxretry = 10'
echo ''
echo '# enable adminlog; it will log to a file inside znc'\''s directory by default.'
echo '[znc-adminlog]'
echo 'port = 6667'
echo 'logpath = /var/db/znc/moddata/adminlog/znc.log'
echo ''
echo '# To log wrong MySQL access attempts add to /usr/pkg/etc/my.cnf in [mysqld] or'
echo '# equivalent section:'
echo '# log-warnings = 2'
echo '#'
echo '# for syslog (daemon facility)'
echo '# [mysqld_safe]'
echo '# syslog'
echo '#'
echo '# for own logfile'
echo '# [mysqld]'
echo '# log-error=/var/log/mysqld.log'
echo '[mysqld-auth]'
echo 'port = 3306'
echo 'logpath = %(mysql_log)s'
echo 'backend = %(mysql_backend)s'
echo ''
echo '[mssql-auth]'
echo '# Default configuration for Microsoft SQL Server for Linux'
echo '# See the '\''mssql-conf'\'' manpage how to change logpath or port'
echo 'logpath = /var/opt/mssql/log/errorlog'
echo 'port = 1433'
echo 'filter = mssql-auth'
echo ''
echo '# Log wrong MongoDB auth (for details see filter '\''filter.d/mongodb-auth.conf'\'')'
echo '[mongodb-auth]'
echo '# change port when running with "--shardsvr" or "--configsvr" runtime operation'
echo 'port = 27017'
echo 'logpath = /var/log/mongodb/mongodb.log'
echo ''
echo '# Jail for more extended banning of persistent abusers'
echo '# !!! WARNINGS !!!'
echo '# 1. Make sure that your loglevel specified in fail2ban.conf/.local'
echo '# is not at DEBUG level -- which might then cause fail2ban to fall into'
echo '# an infinite loop constantly feeding itself with non-informative lines'
echo '# 2. Increase dbpurgeage defined in fail2ban.conf to e.g. 648000 (7.5 days)'
echo '# to maintain entries for failed logins for sufficient amount of time'
echo '[recidive]'
echo ''
echo 'logpath = /var/log/fail2ban.log'
echo 'banaction = %(banaction_allports)s'
echo 'bantime = 1w'
echo 'findtime = 1d'
echo ''
echo '# Generic filter for PAM. Has to be used with action which bans all'
echo '# ports such as iptables-allports, shorewall'
echo ''
echo '[pam-generic]'
echo '# pam-generic filter can be customized to monitor specific subset of '\''tty'\''s'
echo 'banaction = %(banaction_allports)s'
echo 'logpath = %(syslog_authpriv)s'
echo 'backend = %(syslog_backend)s'
echo ''
echo '[xinetd-fail]'
echo 'banaction = iptables-multiport-log'
echo 'logpath = %(syslog_daemon)s'
echo 'backend = %(syslog_backend)s'
echo 'maxretry = 2'
echo ''
echo '# stunnel - need to set port for this'
echo '[stunnel]'
echo 'logpath = /var/log/stunnel4/stunnel.log'
echo ''
echo '[ejabberd-auth]'
echo 'port = 5222'
echo 'logpath = /var/log/ejabberd/ejabberd.log'
echo ''
echo '[counter-strike]'
echo 'logpath = /opt/cstrike/logs/L[0-9]*.log'
echo 'tcpport = 27030,27031,27032,27033,27034,27035,27036,27037,27038,27039'
echo 'udpport = 1200,27000,27001,27002,27003,27004,27005,27006,27007,27008,27009,27010,27011,27012,27013,27014,27015'
echo 'action_ = %(default/action_)s[name=%(__name__)s-tcp, port="%(tcpport)s", protocol="tcp"]'
echo ' %(default/action_)s[name=%(__name__)s-udp, port="%(udpport)s", protocol="udp"]'
echo ''
echo '[softethervpn]'
echo 'port = 500,4500'
echo 'protocol = udp'
echo 'logpath = /usr/local/vpnserver/security_log/*/sec.log'
echo ''
echo '[gitlab]'
echo 'port = http,https'
echo 'logpath = /var/log/gitlab/gitlab-rails/application.log'
echo ''
echo '[grafana]'
echo 'port = http,https'
echo 'logpath = /var/log/grafana/grafana.log'
echo ''
echo '[bitwarden]'
echo 'port = http,https'
echo 'logpath = /home/*/bwdata/logs/identity/Identity/log.txt'
echo ''
echo '[centreon]'
echo 'port = http,https'
echo 'logpath = /var/log/centreon/login.log'
echo ''
echo '# consider low maxretry and a long bantime'
echo '# nobody except your own Nagios server should ever probe nrpe'
echo '[nagios]'
echo 'logpath = %(syslog_daemon)s ; nrpe.cfg may define a different log_facility'
echo 'backend = %(syslog_backend)s'
echo 'maxretry = 1'
echo ''
echo '[oracleims]'
echo '# see "oracleims" filter file for configuration requirement for Oracle IMS v6 and above'
echo 'logpath = /opt/sun/comms/messaging64/log/mail.log_current'
echo 'banaction = %(banaction_allports)s'
echo ''
echo '[directadmin]'
echo 'logpath = /var/log/directadmin/login.log'
echo 'port = 2222'
echo ''
echo '[portsentry]'
echo 'logpath = /var/db/portsentry/portsentry.history'
echo 'maxretry = 1'
echo ''
echo '[pass2allow-ftp]'
echo '# this pass2allow example allows FTP traffic after successful HTTP authentication'
echo 'port = ftp,ftp-data,ftps,ftps-data'
echo '# knocking_url variable must be overridden to some secret value in jail.local'
echo 'knocking_url = /knocking/'
echo 'filter = apache-pass[knocking_url="%(knocking_url)s"]'
echo '# access log of the website with HTTP auth'
echo 'logpath = %(apache_access_log)s'
echo 'blocktype = RETURN'
echo 'returntype = DROP'
echo 'action = %(action_)s[blocktype=%(blocktype)s, returntype=%(returntype)s,'
echo ' actionstart_on_demand=false, actionrepair_on_unban=true]'
echo 'bantime = 1h'
echo 'maxretry = 1'
echo 'findtime = 1'
echo ''
echo '[murmur]'
echo '# AKA mumble-server'
echo 'port = 64738'
echo 'action_ = %(default/action_)s[name=%(__name__)s-tcp, protocol="tcp"]'
echo ' %(default/action_)s[name=%(__name__)s-udp, protocol="udp"]'
echo 'logpath = /var/log/mumble-server/mumble-server.log'
echo ''
echo '[screensharingd]'
echo '# For Mac OS Screen Sharing Service (VNC)'
echo 'logpath = /var/log/system.log'
echo 'logencoding = utf-8'
echo ''
echo '[haproxy-http-auth]'
echo "# HAProxy by default doesn't log to file you'll need to set it up to forward"
echo '# logs to a syslog server which would then write them to disk.'
echo '# See "haproxy-http-auth" filter for a brief cautionary note when setting'
echo '# maxretry and findtime.'
echo 'logpath = /var/log/haproxy.log'
echo ''
echo '[slapd]'
echo 'port = ldap,ldaps'
echo 'logpath = /var/log/slapd.log'
echo ''
echo '[domino-smtp]'
echo 'port = smtp,ssmtp'
echo 'logpath = /home/domino01/data/IBM_TECHNICAL_SUPPORT/console.log'
echo ''
echo '[phpmyadmin-syslog]'
echo 'port = http,https'
echo 'logpath = %(syslog_authpriv)s'
echo 'backend = %(syslog_backend)s'
echo ''
echo '[zoneminder]'
echo '# Zoneminder HTTP/HTTPS web interface auth'
echo '# Logs auth failures to apache2 error log'
echo 'port = http,https'
echo 'logpath = %(apache_error_log)s'
echo ''
echo '[traefik-auth]'
echo "# to use 'traefik-auth' filter you have to configure your Traefik instance,"
echo "# see \`filter.d/traefik-auth.conf\` for details and service example."
echo 'port = http,https'
echo 'logpath = /var/log/traefik/access.log'
echo ''
echo '[scanlogd]'
echo 'logpath = %(syslog_local0)s'
echo 'banaction = %(banaction_allports)s'
echo ''
echo '[monitorix]'
echo 'port = 8080'
echo 'logpath = /var/log/monitorix-httpd'
} > /usr/pkg/etc/fail2ban/jail.local
pico /usr/pkg/etc/fail2ban/jail.local
else
pico /usr/pkg/etc/fail2ban/jail.local
dialog --yesno "Do you want to (re)start fail2ban?" 5 39
restart_ornot=$?
if [ $restart_ornot -eq 0 ]; then
service fail2ban restart > /dev/null 2>&1
Fail2banMenu
fi
fi
dialog --yesno "Do you want to (re)start fail2ban?" 5 39
restart_ornot=$?
if [ $restart_ornot -eq 0 ]; then
service fail2ban restart > /dev/null 2>&1
fi
fi
Fail2banMenu
}
# checked
ConfigureSSH () {
# Check if OpenSSH is installed or not
check=$(grep -o "sshd=YES" < /etc/rc.conf | wc -l | tr -d ' ')
if [ "$check" -eq 0 ]; then
if [ ! -e /usr/sbin/sshd ]; then
dialog --yesno "OpenSSH is not installed on your system, do you want to install it?" 6 44
sshd_install=$?
checkInternetConnection
if [ $sshd_install -eq 0 ]; then
pkgin -y in opensshd
# I don't remember if sshd goes automatically to /etc/rc.d/... in case :
cp /usr/pkg/share/examples/rc.d/sshd /etc/rc.d/sshd
echo sshd=YES >> /etc/rc.conf
fi
fi
fi
# Check if a previous configuration has already been done
if [ -e /etc/ssh/sshd_config.BAK ]; then
dialog --yesno "A previous configuration seems to have been done\nDo you want to restore the backup file (Yes) or work on the actual configuration? (No)" 7 52
what_todo=$?
if [ $what_todo -eq 0 ]; then
cp /etc/ssh/sshd_config.BAK /etc/ssh/ssh/sshd_config
fi
else
dialog --yesno "Do you want to create a backup of the original /etc/ssh/sshd_config before starting to edit the configuration?\n(you really should say yes!!)" 7 70
bak_ornot=$?
if [ $bak_ornot -eq 0 ]; then
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.BAK
dialog --msgbox "/etc/ssh/sshd_config has been saved as /etc/ssh/sshd_config.BAK" 5 68
fi
fi
# be guided for configuration or not ?
dialog --yesno "Do you wish to be guided (Yes) in order to configure SSH properly (with usual parameters)\nor\nDo you prefer to do it yourself? (No)" 8 70
guided_ornot=$?
if [ $guided_ornot -eq 0 ]; then
dialog --msgbox "Then, let's start!" 5 22
{
echo "###########################"
echo "# CUSTOM SSH CONFIGURATION"
echo " "
} >> /etc/ssh/sshd_config
# SSH PORT
dialog --yesno "Do you want to change the SSH port?\n\nBy default, the SSH port is 22 (TCP)\n(It is recommended to use another port to reduce the risk of automated attacks)" 9 70
change_port=$?
if [ $change_port -eq 0 ]; then
nport=$(dialog --inputbox "Please enter a new port number (>10,000 and <65,000 preferably)" 8 68 2>&1 1>/dev/tty)
{
echo "# PORT"
echo "Port $nport"
echo " "
} >> /etc/ssh/sshd_config
# check if the NPF firewall has already been configured
if [ -e /etc/npf.conf ]; then
check=$(npfctl show | grep -o "inactive" | sort | uniq | wc -l | tr -d ' ')
if [ ! "$check" -eq 1 ]; then
dialog --msgbox "The NPF firewall seems to be active\nYou also need to change the SSH port in the rules file to avoid being blocked when SSH is activated.\n\nThe NPF rules file will open\nMake the changes, exit, and save without changing the file location" 11 70
pico /etc/npf.conf
changePortNPF="1"
fi
fi
else
{
echo "# PORT"
echo "Port 22"
echo " "
} >> /etc/ssh/sshd_config
fi
# LISTEN ADDRESS
dialog --yesno "Do you want to configure the listening addresses?\n\n(If your server has multiple network interfaces, it is recommended to specify the IP address(es) of your server on which the SSH service should listen if you do not want users to be able to connect via undesired or protected interfaces)\n\nIf you answer (No), then SSH will listen by default on all interfaces of your server" 13 70
listen_ip=$?
if [ $listen_ip -eq 0 ]; then
echo "# LISTEN ADDRESS" >> /etc/ssh/sshd_config
i=0
while [ $i -lt "50" ]; do
ip_add=$(dialog --inputbox "Please enter an IP address allowed to connect" 8 55 2>&1 1>/dev/tty)
echo "ListenAddress $ip_add" >> /etc/ssh/sshd_config
dialog --yesno "Do you want to add another IP?" 5 34
add_another=$?
if [ $add_another -eq 1 ]; then
i=$((i+51))
fi
i=$((i+1))
done
echo " " >> /etc/ssh/sshd_config
else
{
echo "# LISTEN ADDRESS"
echo "ListenAddress 0.0.0.0"
echo "ListenAddress ::"
} >> /etc/ssh/sshd_config
fi
# AUTHORIZED/ USERS
dialog --yesno "Do you want to specify the users allowed to connect to this server via SSH?\n(Only the specified users will be allowed to connect)\n\nIf (No), all users will be allowed to connect" 9 70
user_yesconnect=$?
if [ $user_yesconnect -eq 0 ]; then
echo "# ALLOW USERS" >> /etc/ssh/sshd_config
permitusers=$(dialog --inputbox "Please enter the username(s) of the only user(s) allowed to connect\n(separate usernames with spaces)" 9 70 2>&1 1>/dev/tty)
echo "AllowUsers ${permitusers}" >> /etc/ssh/sshd_config
echo " " >> /etc/ssh/sshd_config
fi
# DENIED USERS
dialog --yesno "Do you want to prohibit specific users from connecting to this server via SSH?\n(only the specified users will be prohibited from connecting.\n\nIf you have previously allowed users to connect, then answer (No)" 9 70
user_noconnect=$?
if [ $user_noconnect -eq 0 ]; then
echo "# DENY USERS" >> /etc/ssh/sshd_config
denyusers=$(dialog --inputbox "Please enter the username(s) of the user(s) denied from connecting\n(separate usernames with spaces)" 9 70 2>&1 1>/dev/tty)
echo "DenyUsers ${denyusers}" >> /etc/ssh/sshd_config
echo " " >> /etc/ssh/sshd_config
fi
# PERMIT ROOT LOGIN
dialog --yesno "Do you want to prohibit (Yes) or allow (No) root to connect to this server?\n\n(It is recommended to prohibit root login)" 8 70
permit_root=$?
echo "# PERMIT ROOT LOGIN" >> /etc/ssh/sshd_config
if [ $permit_root -eq 0 ]; then
echo "PermitRootLogin no" >> /etc/ssh/sshd_config
echo " " >> /etc/ssh/sshd_config
else
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
echo " " >> /etc/ssh/sshd_config
fi
# PUB KEY AUTHENTICATION
dialog --yesno "Do you want to allow both key-based and password-based authentication (Yes) or only one of them (No)?\n\nIf you answer (No), you will be prompted to choose on the next screen." 9 70
pubkey_yesno=$?
if [ $pubkey_yesno -eq 0 ]; then
{
echo "# PUB KEY AND PASSWORD AUTHENTICATION"
echo "PasswordAuthentication yes"
echo "AuthorizedKeysFile .ssh/authorized_keys"
echo "KbdInteractiveAuthentication yes"
echo "UsePAM yes"
echo " "
} >> /etc/ssh/sshd_config
else
dialog --yesno "Do you want to allow only password-based authentication (Yes)\nor\nonly public key-based authentication (No)?\n\nSSH key-based authentication is highly recommended, however, you should not disable password authentication until you have added the public SSH key of the machine that will connect to this server to the /home/USER/.ssh/authorized_keys file on this server. Otherwise, you may risk losing access to the server." 13 70
pass_orkey=$?
if [ $pass_orkey -eq 0 ]; then
{
echo "# PASSWORD AUTHENTICATION ONLY"
echo "PasswordAuthentication yes"
echo "PubkeyAuthentication no"
echo "KbdInteractiveAuthentication yes"
echo "UsePAM yes"
echo " "
} >> /etc/ssh/sshd_config
else
{
echo "# PUB KEY AUTHENTICATION ONLY"
echo "PasswordAuthentication no"
echo "PubkeyAuthentication yes"
echo "AuthorizedKeysFile .ssh/authorized_keys"
echo "KbdInteractiveAuthentication no"
echo "UsePAM no"
echo " "
} >> /etc/ssh/sshd_config
fi
fi
# X11Forwarding
dialog --yesno "Do you need to run graphical applications (X11) via SSH?" 5 61
x11_forward=$?
if [ $x11_forward -eq 0 ]; then
{
echo "# X11 FORWARDING"
echo "X11Forwarding yes"
echo " "
} >> /etc/ssh/sshd_config
else
{
echo "# NO X11 FORWARDING"
echo "X11Forwarding no"
echo " "
} >> /etc/ssh/sshd_config
fi
# AllowTcpForwarding
dialog --yesno "Will you be setting up SSH tunnels?" 5 40
ssh_tunnels=$?
if [ $ssh_tunnels -eq 0 ]; then
{
echo "# SSH TUNNELING"
echo "AllowTcpForwarding yes"
echo " "
} >> /etc/ssh/sshd_config
else
{
echo "# NO SSH TUNNELING"
echo "AllowTcpForwarding no"
echo " "
} >> /etc/ssh/sshd_config
fi
# USER ENVIRONMENT
dialog --yesno "Will you need to set environment variables via SSH?\n\nIt is recommended not to enable this option." 7 56
user_env=$?
if [ $user_env -eq 0 ]; then
{
echo "# USER ENVIRONMENT"
echo "PermitUserEnvironment yes"
echo " "
} >> /etc/ssh/sshd_config
else
{
echo "# NO USER ENVIRONMENT"
echo "PermitUserEnvironment no"
echo " "
} >> /etc/ssh/sshd_config
fi
# LOGIN GRACE TIME
dialog --yesno "Do you want to set a timeout during authentication?\n\nIt is recommended to configure a timeout." 7 56
grace_limit=$?
if [ $grace_limit -eq 0 ]; then
timelogin=$(dialog --inputbox "Please enter a timeout value (in seconds)\n(example: 60)" 9 50 2>&1 1>/dev/tty)
{
echo "# LOGIN GRACE TIME"
echo "LoginGraceTime $timelogin"
echo " "
} >> /etc/ssh/sshd_config
fi
# MAX AUTHENTICATION TRIES
dialog --yesno "Do you want to limit the number of authentication attempts?\n\n(recommended)" 7 64
max_ornot=$?
if [ $max_ornot -eq 0 ]; then
maxauth=$(dialog --inputbox "Please enter a maximum number of attempts\n(3 or 4 are usually good values)" 9 47 2>&1 1>/dev/tty)
{
echo "# MAX AUTHENTICATION TRIES"
echo "MaxAuthTries $maxauth"
echo " "
} >> /etc/ssh/sshd_config
fi
# MAX SESSIONS
dialog --yesno "Do you want to limit the number of simultaneous SSH sessions for each user?\n\n(recommended)" 8 70
ssh_simul=$?
if [ $ssh_simul -eq 0 ]; then
maxsimul=$(dialog --inputbox "Please enter a maximum number of sessions" 8 50 2>&1 1>/dev/tty)
{
echo "# MAX SESSIONS PER USER"
echo "MaxSessions $maxsimul"
echo " "
} >> /etc/ssh/sshd_config
fi
# AUTOMATIC CLOSING
dialog --yesno "Do you want to configure automatic closure of inactive sessions?\n\n(recommended)" 7 69
close_inac=$?
if [ $close_inac -eq 0 ]; then
dialog --msgbox "The configuration is done in 2 steps\n\nFirst, you need to define the time (in seconds) between the sending of 2 inactivity requests (example 300)\nThen, we define the maximum number of requests sent before automatic session closure (example 3)\n\nTaking these 2 examples, the connection would be terminated after 15 minutes (300*3)" 13 70
interval=$(dialog --inputbox "Please enter the maximum number of seconds between the sending of 2 inactivity requests (example 300)" 9 60 2>&1 1>/dev/tty)
nbrequest=$(dialog --inputbox "Please enter the maximum number of requests sent before session closure (example 3)" 9 60 2>&1 1>/dev/tty)
{
echo "# CLOSE INACTIVE SESSIONS"
echo "ClientAliveInterval $interval"
echo "ClientAliveCountMax $nbrequest"
echo " "
} >> /etc/ssh/sshd_config
fi
# SYSLOG FACILITY
dialog --yesno "Do you want to set SysLogFacility to AUTH?\n\nThis allows SSH messages to be logged appropriately." 7 60
facility_ornot=$?
if [ $facility_ornot -eq 0 ]; then
{
echo "# SYSLOG FACILITY"
echo "SyslogFacility AUTH"
echo " "
} >> /etc/ssh/sshd_config
fi
# LOG LEVEL
dialog --yesno "Do you want to set the logging level?" 5 42
level_ornot=$?
if [ $level_ornot -eq 0 ]; then
dialog --yesno "Do you want to set it to INFO for normal usage (Yes)\nor\nVERBOSE for more details (No)?" 7 57
info_verbose=$?
if [ $info_verbose -eq 0 ]; then
{
echo "# LOG LEVEL"
echo "LogLevel INFO"
echo " "
} >> /etc/ssh/sshd_config
else
{
echo "# LOG LEVEL"
echo "LogLevel VERBOSE"
echo " "
} >> /etc/ssh/sshd_config
fi
fi
# DNS
dialog --yesno "Do you want to disable DNS resolution?\n\nThis speeds up SSH connections and reduces the possibility of DNS-based attacks." 8 70
dns_ornot=$?
if [ $dns_ornot -eq 0 ]; then
{
echo "# DNS"
echo "UseDNS no"
echo " "
} >> /etc/ssh/sshd_config
else
{
echo "# DNS"
echo "UseDNS yes"
echo " "
} >> /etc/ssh/sshd_config
fi
# SFTP
dialog --yesno "Will you be using the SFTP protocol (FTP over SSH) for file exchange via SSH?" 6 66
sftp_ornot=$?
if [ $sftp_ornot -eq 0 ]; then
dialog --yesno "Do you want to use /usr/libexex/sftp-server (default choice) (Yes)\nor\ninternal-sftp (No)?" 7 70
which_sftp=$?
if [ $which_sftp -eq 0 ]; then
{
echo "# SFTP"
echo "Subsystem sftp /usr/libexec/sftp-server"
echo " "
} >> /etc/ssh/sshd_config
else
{
echo "# SFTP"
echo "Subsystem sftp internal-sftp"
echo " "
} >> /etc/ssh/sshd_config
fi
fi
# MOTD
dialog --yesno "Do you want to disable the Message of the Day (Motd)?\n\n(recommended)" 7 58
motd_ornot=$?
if [ $motd_ornot -eq 0 ]; then
{
echo "# MOTD"
echo "PrintMotd no"
echo " "
} >> /etc/ssh/sshd_config
else
{
echo "# MOTD"
echo "PrintMotd yes"
echo " "
} >> /etc/ssh/sshd_config
fi
# LAST LOG
dialog --yesno "Do you want to hide (Yes) or display (No) the message showing the date and time of the last login when a user logs in?\n\n(It is recommended to hide this information)" 8 70
hidelog_ornot=$?
if [ $hidelog_ornot -eq 0 ]; then
{
echo "# PRINT LAST LOG"
echo "PrintLastLog no"
echo " "
} >> /etc/ssh/sshd_config
else
{
echo "# PRINT LAST LOG"
echo "PrintLastLog yes"
echo " "
} >> /etc/ssh/sshd_config
fi
# USUAL
{
echo "# DISABLE HPN"
echo "HPNDisabled yes"
echo " "
} >> /etc/ssh/sshd_config
dialog --msgbox "The configuration is now completed" 5 39
else
dialog --msgbox "/etc/ssh/sshd_config is going to be opened in a text editor in order to let you configure SSH yourself\n\nDo what you need to do, then Exit and Save without changing the location of the file\n\nYou'll be asked to activate (or not) the configuration at the end" 11 69
pico /etc/ssh/sshd_config
# check if Port is commented or not
check=$(grep Port < /etc/ssh/sshd_config | grep "[0-9]" | grep -o '#' | sort | uniq | wc -l | tr -d ' ')
if [ "$check" -eq 0 ]; then
# check if Port has been modified
check2=$(grep -o "Port 22" < /etc/ssh/sshd_config | sort | uniq | wc -l | tr -d ' ')
if [ ! "$check2" -eq 1 ]; then
# check if the NPF firewall has already been configured
if [ -e /etc/npf.conf ]; then
# check if NPF is running
check=$(npfctl show | grep -o "inactive" | sort | uniq | wc -l | tr -d ' ')
if [ ! "$check" -eq 1 ]; then
dialog --msgbox "The NPF firewall seems to be active\nYou also need to change the SSH port in the rules file to avoid being blocked when SSH is activated.\n\nThe NPF rules file will open\nMake the changes, exit, and save without changing the file location" 11 70
pico /etc/npf.conf
changePortNPF="1"
fi
fi
fi
fi
fi
dialog --yesno "Do you want to (re)start SSH?" 5 33
activate_ornot=$?
if [ $activate_ornot -eq 0 ]; then
service sshd restart > /dev/null 2>&1
sleep 1
check=$(service sshd status | grep -o "sshd is not running." | wc -l | tr -d)
if [ "$check" -eq 0 ]; then
dialog --msgbox "It seems that something went wrong, sshd did not start" 5 59
fi
if [ "$changePortNPF" -eq 1 ]; then
dialog --yesno "You have modified the SSH port, do you want to restart the firewall now?" 6 66
restart_npf=$?
if [ $restart_npf -eq 0 ]; then
service npf restart > /dev/null 2>&1
fi
fi
check=$(service sshd status | grep -o "sshd is running" | wc -l | tr -d ' ')
if [ "$check" -eq 1 ]; then
dialog --msgbox "SSH is running, Congratulations!" 5 36
fi
fi
SecurityMenu
}
# checked
FormatToNTFS () {
{
################################################
# STAGE 0 : CHECK FOR NECESSARY TOOLS
if [ ! -e /usr/pkg/sbin/mkntfs ]; then
checkInternetConnection
pkgin -y in fuse > /dev/null 2>&1
echo 20
pkgin -y in fuse-ntfs > /dev/null 2>&1
echo 40
pkgin -y in fuse-ntfs-3g > /dev/null 2>&1
echo 60
pkgin -y in libntfs > /dev/null 2>&1
echo 80
pkgin -y inntfsprogs > /dev/null 2>&1
echo 100
fi
} | dialog --gauge "Checking for necessary software..." 6 39
dialog --msgbox "If you have just inserted the USB device, then you can continue. Otherwise, please unplug it, wait a few seconds, then plug it back in, wait a few seconds, and then continue" 7 70
################################################
# STAGE 1 : DETECTION AND CHOICE OF THE DEVICE
# Create a temporary file
TMPFILE=$(mktemp)
# Generate the list of devices
dmesg | tail -5 | grep -o "sd[0-9]" | sort | uniq > "$TMPFILE"
# Check if the list is empty
if [ ! -s "$TMPFILE" ]; then
dialog --msgbox "No USB devices detected" 5 30
rm -f "$TMPFILE"
DiskMngmtMenu
fi
# Read the temporary file and construct the option for dialog
devices=""
while IFS= read -r line; do
devices="$devices $line \"$line\" off"
done < "$TMPFILE"
# Use dialog to display the list of devices
device=$(eval "dialog --radiolist \"Choose the USB device to format\" 0 0 0 $devices 3>&1 1>&2 2>&3")
# Clean up and remove the temporary file
rm -f "$TMPFILE"
###################################################################################################################
# STAGE 2 : CHECK IF THE DEVICE IS ASSOCIATED TO A GEOMETRY AND IF THIS GEOMETRY IS ALREADY MOUNTED ON THE SYSTEM
# check if already mounted then format
if [ -n "$device" ]; then
# check if the selected device is already associated with a geometry
seekdkX=$(dmesg | tail -10 | grep "${device}" | grep -o "dk[0-9]" | sort | uniq | wc -l | tr -d ' ')
if [ "$seekdkX" -gt 0 ]; then
# get geom name (dkX)
getgeom=$(dmesg | tail -10 | grep "${device}" | grep -o "dk[0-9]" | sort | uniq)
checkmounted=$(mount | grep -o "/dev/${getgeom}" | sort | uniq | wc -l | tr -d ' ')
if [ "$checkmounted" -eq 1 ]; then
dialog --msgbox "The device is mounted, please unmount it first" 5 50
DiskMngmtMenu
fi
fi
{
###################
# STAGE 3 : FORMAT
# Destroy and Create a new GPT table
gpt destroy "$device" > /dev/null 2>&1
gpt create -f "$device" > /dev/null 2>&1
echo 10
# Create a partition of type windows
gpt add -t windows "$device" > /dev/null 2>&1
echo 20
# The operation is repeated a second time to accommodate the transition from MBR to GPT (again, it is needed sometimes)
gpt destroy "$device" > /dev/null 2>&1
gpt create -f "$device" > /dev/null 2>&1
echo 30
# Create a partition of type windows
gpt add -t windows "$device" > /dev/null 2>&1
echo 40
# Retrieve the created geometry:
geom=$(dmesg | tail -5 | grep "${device}" | grep -o "dk[0-9]" | sort | uniq | tr -d ' ')
# Create the filesystem:
mkntfs -f "/dev/$geom" > /dev/null 2>&1
echo 100
} | dialog --gauge "Formatting in progress..." 6 31
geom=$(dmesg | tail -5 | grep -o "dk[0-9]" | sort | uniq | tr -d ' ')
##############################################
# STAGE 4 : MOUNT THE NEWLY CREATED GEOMETRY
dialog --yesno "Do you want to mount the USB device to /media/$geom?" 5 56
mount_ornot=$?
if [ "$mount_ornot" -eq 0 ]; then
# Creating the mount point
mkdir -p /media/"$geom" > /dev/null 2>&1
# Mounting NTFS
env PERFUSE_BUFSIZE=135168 ntfs-3g /dev/"$geom" /media/"$geom" > /dev/null 2>&1
dialog --msgbox "Don't forget about permissions on /media/$geom" 5 51
fi
DiskMngmtMenu
fi
}
# checked
FormatToEXFAT () {
{
################################################
# STAGE 0 : CHECK FOR NECESSARY TOOLS
if [ ! -e /usr/pkg/sbin/mkexfatfs ]; then
checkInternetConnection
pkgin -y in fuse > /dev/null 2>&1
echo 20
pkgin -y in fuse-ntfs > /dev/null 2>&1
echo 40
pkgin -y in fuse-ntfs-3g > /dev/null 2>&1
echo 60
pkgin -y in libntfs > /dev/null 2>&1
echo 70
pkgin -y fuse-exfat > /dev/null 2>&1
echo 80
pkgin -y inntfsprogs > /dev/null 2>&1
echo 100
fi
} | dialog --gauge "Checking for necessary software..." 6 39
dialog --msgbox "If you have just inserted the USB device, then you can continue. Otherwise, please unplug it, wait a few seconds, then plug it back in, wait a few seconds, and then continue" 7 70
################################################
# STAGE 1 : DETECTION AND CHOICE OF THE DEVICE
# Create a temporary file
TMPFILE=$(mktemp)
# Generate the list of devices
dmesg | tail -5 | grep -o "sd[0-9]" | sort | uniq > "$TMPFILE"
# Check if the list is empty
if [ ! -s "$TMPFILE" ]; then
dialog --msgbox "No USB devices detected" 5 30
rm -f "$TMPFILE"
DiskMngmtMenu
fi
# Read the temporary file and construct the option for dialog
devices=""
while IFS= read -r line; do
devices="$devices $line \"$line\" off"
done < "$TMPFILE"
# Use dialog to display the list of devices
device=$(eval "dialog --radiolist \"Choose the USB device to format\" 0 0 0 $devices 3>&1 1>&2 2>&3")
# Clean up and remove the temporary file
rm -f "$TMPFILE"
###################################################################################################################
# STAGE 2 : CHECK IF THE DEVICE IS ASSOCIATED TO A GEOMETRY AND IF THIS GEOMETRY IS ALREADY MOUNTED ON THE SYSTEM
# check if already mounted then format
if [ -n "$device" ]; then
# check if the selected device is already associated with a geometry
seekdkX=$(dmesg | tail -10 | grep "${device}" | grep -o "dk[0-9]" | sort | uniq | wc -l | tr -d ' ')
if [ "$seekdkX" -gt 0 ]; then
# get geom name (dkX)
getgeom=$(dmesg | tail -10 | grep "${device}" | grep -o "dk[0-9]" | sort | uniq)
checkmounted=$(mount | grep -o "/dev/${getgeom}" | sort | uniq | wc -l | tr -d ' ')
if [ "$checkmounted" -eq 1 ]; then
dialog --msgbox "The device is mounted, please unmount it first" 5 50
DiskMngmtMenu
fi
fi
{
###################
# STAGE 3 : FORMAT
# Destroy and Create a new GPT table
gpt destroy "$device" > /dev/null 2>&1
gpt create -f "$device" > /dev/null 2>&1
echo 10
# Create a partition of type windows
gpt add -t windows "$device" > /dev/null 2>&1
echo 20
# The operation is repeated a second time to accommodate the transition from MBR to GPT (again, it is needed sometimes)
gpt destroy "$device" > /dev/null 2>&1
gpt create -f "$device" > /dev/null 2>&1
echo 30
# Create a partition of type windows
gpt add -t windows "$device" > /dev/null 2>&1
echo 40
# Retrieve the created geometry:
geom=$(dmesg | tail -5 | grep "${device}" | grep -o "dk[0-9]" | sort | uniq | tr -d ' ')
# Create the filesystem:
/usr/pkg/sbin/mkexfatfs "/dev/$geom" > /dev/null 2>&1
echo 100
} | dialog --gauge "Formatting in progress..." 6 31
geom=$(dmesg | tail -5 | grep -o "dk[0-9]" | sort | uniq | tr -d ' ')
##############################################
# STAGE 4 : MOUNT THE NEWLY CREATED GEOMETRY
dialog --yesno "Do you want to mount the USB device to /media/$geom?" 5 56
mount_ornot=$?
if [ "$mount_ornot" -eq 0 ]; then
# Creating the mount point
mkdir -p /media/"$geom" > /dev/null 2>&1
# Mounting
env PERFUSE_BUFSIZE=135168 /usr/pkg/sbin/mount.exfat /dev/"$geom" /media/"$geom" > /dev/null 2>&1
#env PERFUSE_BUFSIZE=135168 ntfs-3g /dev/$geom /media/$geom > /dev/null 2>&1
dialog --yesno "Don't you want to give Read/Write permissions to a user on /media/$geom?" 6 60
rw_ornot=$?
if [ $rw_ornot -eq 0 ]; then
user=$(dialog --title "Read/Write Permissions" --inputbox "Please enter the username" 8 40 2>&1 1>/dev/tty)
/sbin/chown -R "$user" /media/"$geom"
chmod -R /media/"$geom"
else
dialog --msgbox "Don't forget about permissions on /media/$geom" 5 51
fi
fi
DiskMngmtMenu
fi
}
# checked
FormatToFFSv1 () {
dialog --yesno "FFSv1 is outdated and does not support storage devices > 1 TB. Do you want to continue?" 6 67
ffsv1_choix=$?
case $ffsv1_choix in
1)
DiskMngmtMenu
;;
esac
dialog --msgbox "If you have just inserted the USB device, then you can continue. Otherwise, please unplug it, wait a few seconds, then plug it back in, wait a few seconds, and then continue" 7 70
################################################
# STAGE 1 : DETECTION AND CHOICE OF THE DEVICE
# Create a temporary file
TMPFILE=$(mktemp)
# Generate the list of devices
dmesg | tail -5 | grep -o "sd[0-9]" | sort | uniq > "$TMPFILE"
# Check if the list is empty
if [ ! -s "$TMPFILE" ]; then
dialog --msgbox "No USB devices detected" 5 30
rm -f "$TMPFILE"
DiskMngmtMenu
fi
# Read the temporary file and construct the option for dialog
devices=""
while IFS= read -r line; do
devices="$devices $line \"$line\" off"
done < "$TMPFILE"
# Use dialog to display the list of devices
device=$(eval "dialog --radiolist \"Choose the USB device to format\" 0 0 0 $devices 3>&1 1>&2 2>&3")
# Clean up and remove the temporary file
rm -f "$TMPFILE"
###################################################################################################################
# STAGE 2 : CHECK IF THE DEVICE IS ASSOCIATED TO A GEOMETRY AND IF THIS GEOMETRY IS ALREADY MOUNTED ON THE SYSTEM
# check if already mounted then format
if [ -n "$device" ]; then
# check if the selected device is already associated with a geometry
seekdkX=$(dmesg | tail -10 | grep "${device}" | grep -o "dk[0-9]" | sort | uniq | wc -l | tr -d ' ')
if [ "$seekdkX" -gt 0 ]; then
# get geom name (dkX)
getgeom=$(dmesg | tail -10 | grep "${device}" | grep -o "dk[0-9]" | sort | uniq)
checkmounted=$(mount | grep -o "/dev/${getgeom}" | sort | uniq | wc -l | tr -d ' ')
if [ "$checkmounted" -eq 1 ]; then
dialog --msgbox "The device is mounted, please unmount it first" 5 50
DiskMngmtMenu
fi
fi
{
###################
# STAGE 3 : FORMAT
# Destroy and Create a new GPT table
gpt destroy "$device" > /dev/null 2>&1
gpt create -f "$device" > /dev/null 2>&1
echo 10
# Destroy and Create a new GPT table again
gpt destroy "$device" > /dev/null 2>&1
gpt create -f "$device" > /dev/null 2>&1
echo 20
# Create a partition of type FFS
gpt add -t ffs "$device" > /dev/null 2>&1
echo 30
# Retrieve the created geometry:
geom=$(dmesg | tail -5 | grep "${device}" | grep -o "dk[0-9]" | sort | uniq | tr -d ' ')
# Create the filesystem:
newfs -O1 "$geom" > /dev/null 2>&1
echo 100
} | dialog --gauge "Formatting in progress..." 6 31
##############################################
# STAGE 4 : MOUNT THE NEWLY CREATED GEOMETRY
geom=$(dmesg | tail -5 | grep "${device}" | grep -o "dk[0-9]" | sort | uniq | tr -d ' ')
dialog --yesno "Do you want to mount the USB device to /media/$geom?" 5 56
mount_ornot=$?
if [ $mount_ornot -eq 0 ]; then
# Création du point de montage
mkdir -p /media/"$geom" > /dev/null 2>&1
# Montage
mount /dev/"$geom" /media/"$geom" > /dev/null 2>&1
dialog --yesno "Don't you want to give Read/Write permissions to a user on /media/$geom?" 6 60
rw_ornot=$?
if [ $rw_ornot -eq 0 ]; then
user=$(dialog --title "Read/Write Permissions" --inputbox "Please enter the username" 8 40 2>&1 1>/dev/tty)
/sbin/chown -R "$user" /media/"$geom"
chmod -R /media/"$geom"
else
dialog --msgbox "Don't forget about permissions on /media/$geom" 5 51
fi
fi
DiskMngmtMenu
fi
}
# checked
FormatToFFSv2 () {
dialog --msgbox "If you have just inserted the USB device, then you can continue. Otherwise, please unplug it, wait a few seconds, then plug it back in, wait a few seconds, and then continue" 7 70
################################################
# STAGE 1 : DETECTION AND CHOICE OF THE DEVICE
# Create a temporary file
TMPFILE=$(mktemp)
# Generate the list of devices
dmesg | tail -5 | grep -o "sd[0-9]" | sort | uniq > "$TMPFILE"
# Check if the list is empty
if [ ! -s "$TMPFILE" ]; then
dialog --msgbox "No USB devices detected" 5 30
rm -f "$TMPFILE"
DiskMngmtMenu
fi
# Read the temporary file and construct the option for dialog
devices=""
while IFS= read -r line; do
devices="$devices $line \"$line\" off"
done < "$TMPFILE"
# Use dialog to display the list of devices
device=$(eval "dialog --radiolist \"Choose the USB device to format\" 0 0 0 $devices 3>&1 1>&2 2>&3")
# Clean up and remove the temporary file
rm -f "$TMPFILE"
###################################################################################################################
# STAGE 2 : CHECK IF THE DEVICE IS ASSOCIATED TO A GEOMETRY AND IF THIS GEOMETRY IS ALREADY MOUNTED ON THE SYSTEM
# check if already mounted then format
if [ -n "$device" ]; then
# check if the selected device is already associated with a geometry
seekdkX=$(dmesg | tail -10 | grep "${device}" | grep -o "dk[0-9]" | sort | uniq | wc -l | tr -d ' ')
if [ "$seekdkX" -gt 0 ]; then
# get geom name (dkX)
getgeom=$(dmesg | tail -10 | grep "${device}" | grep -o "dk[0-9]" | sort | uniq)
checkmounted=$(mount | grep -o "/dev/${getgeom}" | sort | uniq | wc -l | tr -d ' ')
if [ "$checkmounted" -eq 1 ]; then
dialog --msgbox "The device is mounted, please unmount it first" 5 50
DiskMngmtMenu
fi
fi
{
###################
# STAGE 3 : FORMAT
# Destroy and Create a new GPT table
gpt destroy "$device" > /dev/null 2>&1
gpt create -f "$device" > /dev/null 2>&1
echo 10
# Destroy and Create a new GPT table again
gpt destroy "$device" > /dev/null 2>&1
gpt create -f "$device" > /dev/null 2>&1
echo 20
# Create a partition of type FFS
gpt add -t ffs "$device" > /dev/null 2>&1
echo 30
# Retrieve the created geometry:
geom=$(dmesg | tail -5 | grep "${device}" | grep -o "dk[0-9]" | sort | uniq | tr -d ' ')
# Create the filesystem:
newfs -O2 "$geom" > /dev/null 2>&1
echo 100
} | dialog --gauge "Formatting in progress..." 6 30
##############################################
# STAGE 4 : MOUNT THE NEWLY CREATED GEOMETRY
geom=$(dmesg | tail -5 | grep "${device}" | grep -o "dk[0-9]" | sort | uniq | tr -d ' ')
dialog --yesno "Do you want to mount the USB device to /media/$geom?" 5 56
mount_ornot=$?
if [ "$mount_ornot" -eq 0 ]; then
# Création du point de montage
mkdir -p /media/"$geom" > /dev/null 2>&1
# Montage
mount /dev/"$geom" /media/"$geom" > /dev/null 2>&1
dialog --yesno "Don't you want to give Read/Write permissions to a user on /media/$geom?" 6 60
rw_ornot=$?
if [ "$rw_ornot" -eq 0 ]; then
user=$(dialog --title "Read/Write Permissions" --inputbox "Please enter the username" 8 40 2>&1 1>/dev/tty)
/sbin/chown -R "$user" /media/"$geom"
chmod -R /media/"$geom"
else
dialog --msgbox "Don't forget about permissions on /media/$geom" 5 51
fi
fi
DiskMngmtMenu
fi
}
# checked
mountUSB () {
dialog --msgbox "If you have just inserted the USB device, then you can continue. Otherwise, please unplug it, wait a few seconds, then plug it back in, wait a few seconds, and then continue" 7 70
count=$(dmesg | tail -5 | grep -o ntfs | wc -l | tr -d " ")
if [ "$count" -gt 0 ]; then
device=$(dmesg | tail -5 | grep "ntfs" | grep -o "dk[0-9]" | sort | uniq)
checkmounted=$(mount | grep -o "/dev/$device" | sort | uniq | wc -l | tr -d ' ')
if [ "$checkmounted" -eq 1 ]; then
dialog --msgbox "Device already mounted on /dev/$dkX" 5 41
else
if [ -n "$device" ]; then
# if NTFS
env PERFUSE_BUFSIZE=135168 ntfs-3g /dev/"$device" /media/"$device"
# if ExFAT :
env PERFUSE_BUFSIZE=135168 /usr/pkg/sbin/mount.exfat /dev/"$device" /media/"$device"
else
dialog --msgbox "No NTFS-associated device dkX found." 5 40
fi
fi
else
dkX=$(dmesg | tail -10 | grep -o "dk[0-9]")
checkdkX=$(dmesg | tail -10 | grep -o "dk[0-9]" | sort | uniq | wc -l | tr -d ' ')
if [ "$checkdkX" -eq 0 ]; then
dialog --msgbox "Device not detected" 5 23
DiskMngmtMenu
fi
checkmounted=$(mount | grep -o "/dev/$dkX" | sort | uniq | wc -l | tr -d ' ')
if [ "$checkmounted" -eq 1 ]; then
dialog --msgbox "Device already mounted on /dev/$dkX" 5 41
DiskMngmtMenu
else
mount /dev/"$dkX" /media/"$dkX"
fi
fi
dialog --yesno "Don't you want to give Read/Write permissions to a user on /media/$device?" 6 60
rw_ornot=$?
if [ "$rw_ornot" -eq 0 ]; then
user=$(dialog --title "Read/Write Permissions" --inputbox "Please enter the username" 8 40 2>&1 1>/dev/tty)
/sbin/chown -R "$user" /media/"$dkX"
chmod -R /media/"$dkX"
else
dialog --msgbox "Don't forget about permissions on /media/$dkX" 5 51
fi
DiskMngmtMenu
}
# checked
umountUSB () {
# Create a temporary file
TMPFILE=$(mktemp)
# Generate the list of devices
mount | grep media | grep -o "dk[0-9]" | sort | uniq > "$TMPFILE"
# Check if the list is empty
if [ ! -s "$TMPFILE" ]; then
dialog --msgbox "No mounted USB devices detected" 5 35
rm -f "$TMPFILE"
DiskMngmtMenu
return
fi
# Read the temporary file and construct the option for dialog
devices=""
while IFS= read -r line; do
devices="$devices $line \"$line\" off"
done < "$TMPFILE"
# Use dialog to display the list of devices
device=$(eval "dialog --radiolist \"Choose the USB device to unmount\" 0 0 0 $devices 3>&1 1>&2 2>&3")
# Clean up and remove the temporary file
rm -f "$TMPFILE"
# Unmount the selected device
if [ -n "$device" ]; then
umount -f "/media/$device" || dialog --msgbox "Error unmounting /media/$device" 5 33
fi
# Return to disk management menu
DiskMngmtMenu
}
# checked
BurnISOtoUSB () {
dialog --msgbox "If you have just inserted the USB device, then you can continue. Otherwise, please unplug it, wait a few seconds, then plug it back in, wait a few seconds, and then continue" 7 70
# Verifications
seekdkX=$(dmesg | tail -10 | grep "sd[0-9]" | grep -o "dk[0-9]" | sort | uniq)
for each in $seekdkX; do
checkmounted=$(mount | grep -o "/dev/$each" | sort | uniq | wc -l | tr -d ' ')
if [ "$checkmounted" -eq 1 ]; then
dialog --msgbox "The device is mounted, please unmount it first" 5 50
DiskMngmtMenu
fi
done
# Create a temporary file
TMPFILE=$(mktemp)
# Generate the list of devices
sysctl hw.disknames | grep -o "sd[0-9]" | sort | uniq > "$TMPFILE"
# Check if the list is empty
if [ ! -s "$TMPFILE" ]; then
dialog --msgbox "No USB devices detected" 5 32
rm -f "$TMPFILE"
DiskMngmtMenu
fi
# Read the temporary file and construct the option for dialog
devices=""
while IFS= read -r line; do
devices="$devices $line \"$line\" off"
done < "$TMPFILE"
# Use dialog to display the list of devices
device=$(eval "dialog --radiolist \"Choose the USB device to burn ISO\" 0 0 0 $devices 3>&1 1>&2 2>&3")
# Clean up and remove the temporary file
rm -f "$TMPFILE"
# Burn the .iso image
if [ -n "$device" ]; then
isoFile=$(dialog --title "ISO file" --inputbox "Please enter the absolute path of your .iso file" 9 54 2>&1 1>/dev/tty)
{
dd if="$isoFile" of=/dev/"$device" bs=8m msgfmt=human
} | dialog --gauge "Writing in progress..." 6 26
fi
# Return to disk management menu
DiskMngmtMenu
}
# checked
BurnISOtoCD () {
checkInternetConnection
{
pkgin -y in cdrtools > /dev/null 2>&1
echo 100
} | dialog --gauge "Checking for necessary software..." 6 39
# Create a temporary file
TMPFILE=$(mktemp)
# Generate the list of devices
# grep -v "*" is not a glob ! It's necessary to keep only the bus actually connected
cdrecord --scanbus | grep "[0-9],[0-9],[0-9]" | sed "/\*/d" | grep -o "[0-9],[0-9],[0-9]" | sort | uniq > "$TMPFILE"
# Check if the list is empty
if [ ! -s "$TMPFILE" ]; then
dialog --msgbox "No burner detected..." 5 32
rm -f "$TMPFILE"
DiskMngmtMenu
fi
# Read the temporary file and construct the option for dialog
devices=""
while IFS= read -r line; do
devices="$devices $line \"$line\" off"
done < "$TMPFILE"
# Use dialog to display the list of devices
device=$(eval "dialog --radiolist \"Choose the burner\" 0 0 0 $devices 3>&1 1>&2 2>&3")
# Clean up and remove the temporary file
rm -f "