#!/bin/sh
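# Make sure the helper programs used by this script are installed:
#   dialog - draws every menu, gauge and message box
#   pico   - editor opened on /etc/npf.conf by the firewall menu
#   curl   - connectivity probe used by checkInternetConnection
# Each program is tested on its own. Previously pico and curl were only
# installed when dialog was missing, so a host that already had dialog could
# reach the menus without the other two.
for tool in dialog pico curl; do
  if [ ! -x "/usr/pkg/bin/$tool" ]; then
    echo "The $tool program is not installed. Installation in progress..."
    pkgin -y in "$tool"
  fi
done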
# checkInternetConnection
#   Runs a 3-second curl probe against http://example.com in the background
#   and shows a dialog gauge while it is pending. When curl exits non-zero an
#   error box is displayed and NetworkMenu is opened.
#   The probe is plain HTTP and its body is discarded: only curl's exit
#   status is used, so it tells reachability, nothing more.
#   Globals written: pid, progress, exit_status
checkInternetConnection () {
  # Launch the probe asynchronously so the gauge can be updated meanwhile.
  curl -m 3 http://example.com > /dev/null 2>&1 &
  pid=$!

  progress=0

  # One gauge value per second, for as long as curl is alive and the value
  # has not gone past 100. The loop runs in the pipeline's subshell.
  while [ $progress -le 100 ] && kill -0 "$pid" 2>/dev/null; do
    echo $progress
    progress=$((progress + 33))
    sleep 1
  done | dialog --gauge "Checking Internet connection..." 6 35 0

  # Reap curl and keep its exit status.
  wait $pid
  exit_status=$?

  if [ $exit_status -eq 0 ]; then
    return 0
  fi

  dialog --backtitle "Checking Internet connection" \
    --title "Connection error" \
    --msgbox "Internet access is not possible\nPlease check your connection" 6 35
  NetworkMenu
}
# checked
# ItsOkInternet
#   Shows a small message box confirming that the connection works.
#   Returns dialog's exit status.
ItsOkInternet () {
  dialog --backtitle "Internet OK !" --title " Result" --msgbox "Internet OK !" 5 17
}
# checked
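# _InstallSudoIsMember ACCOUNT
#   Succeeds when ACCOUNT appears, as a whole name, in the member list of the
#   "sudo" group. The member field is split on commas and compared with a
#   fixed-string, whole-line match, so "bob" does not match "bobby" and the
#   name is never interpreted as a regular expression.
_InstallSudoIsMember () {
  getent group sudo | cut -d: -f4 | tr ',' '\n' | grep -Fxq -- "$1"
}

# InstallSudo
#   Asks for an existing account name, installs sudo with pkgin when
#   /usr/pkg/bin/sudo is missing, adds the account to the "sudo" group and
#   uncomments the %sudo rule in /usr/pkg/etc/sudoers.
#   Uncommenting that rule gives every member of the "sudo" group the rights
#   the rule describes, so the account name is checked strictly first.
#   Globals written: user, countus
#   Returns 1 when usermod fails; every other path ends in UsersRightsMenu.
InstallSudo () {

  # dialog prints the typed text on stderr, hence the descriptor swap.
  user=$(dialog --title "Adding sudo user" --inputbox "Please enter the username to be added to the sudo group" 8 60 2>&1 1>/dev/tty)

  # Cancel or an empty answer: stop here. An empty name used to compare equal
  # to the empty getent result below, and the sudoers file was then modified
  # although no account had been chosen.
  if [ -z "$user" ]; then
    UsersRightsMenu
    return
  fi

  # A leading '-' could be taken for an option by the tools called below;
  # treat it like an unknown account.
  case $user in
    -*) countus= ;;
    *)  countus=$(getent passwd "$user" | cut -d: -f1) ;;
  esac

  if [ "$countus" != "$user" ]; then
    # The user does not exist: say so and ask again.
    dialog --title "Erreur" --msgbox "This user does not exist" 5 28
    InstallSudo
    return
  fi

  # Install sudo when it is not there yet.
  if [ ! -x "/usr/pkg/bin/sudo" ]; then
    checkInternetConnection
    pkgin -y in sudo
  fi

  # Create the group only when it is missing.
  getent group sudo > /dev/null 2>&1 || groupadd sudo

  if _InstallSudoIsMember "$user"; then
    dialog --msgbox "The user is already a member of the sudo group" 5 50
  else
    if ! usermod -G sudo "${user}"; then
      dialog --msgbox "Adding the user to the sudo group failed" 7 44
      return 1
    fi
  fi

  # Uncomment the %sudo line. Keep a copy first and let visudo check the
  # result: a sudoers file with a syntax error makes sudo refuse to run.
  cp -p /usr/pkg/etc/sudoers /usr/pkg/etc/sudoers.bak
  sed -i "s/# %sudo/%sudo/" /usr/pkg/etc/sudoers
  if command -v visudo > /dev/null 2>&1 &&
     ! visudo -c -f /usr/pkg/etc/sudoers > /dev/null 2>&1; then
    cp -p /usr/pkg/etc/sudoers.bak /usr/pkg/etc/sudoers
    dialog --msgbox "The sudoers file did not validate, the previous version was restored" 6 50
  fi

  # Confirm the membership.
  if _InstallSudoIsMember "$user"; then
    dialog --msgbox "The user is now member of the sudo group" 5 45
  fi

  # Go back to Menu
  UsersRightsMenu
}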
# checked
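# DesktopBundleApps
#   Shows a checklist of desktop applications and installs the selected ones
#   with pkgin while a gauge is displayed. "EVERYTHING" installs the fixed
#   bundle listed below; "rclone-browser" is built from source.
#   Globals written: choices_file, choices, num_choices, progress
#   Ends in InstallProgramsMenu.
DesktopBundleApps () {

  checkInternetConnection

  # dialog writes the selection to stderr; collect it in a file created by
  # mktemp. This script runs as root, and a fixed name in /tmp could be
  # pre-created by another local user (for instance as a symlink).
  choices_file=$(mktemp /tmp/choices.XXXXXX) || {
    InstallProgramsMenu
    return
  }

  dialog --backtitle "Select programs" \
    --title "Installing applications" \
    --checklist "Select programs:" 30 70 20 \
    firefox "Firefox web browser" off \
    thunderbird "Thunderbird Mail Client" off \
    keepassxc "KeePassXC password manager" off \
    vlc "VLC multimedia player" off \
    handbrake "HandBrake video encoder" off \
    audacity "Audacity audio editor" off \
    gimp "GIMP image editor" off \
    ristretto "Ristretto image viewer" off \
    youtube-dl "YouTube video downloader" off \
    libreoffice "LibreOffice office suite" off \
    unoconv "Unoconv document converter" off \
    qpdfview "Qpdfview document viewer" off \
    filezilla "FileZilla FTP client" off \
    rclone "Rclone file transfer tool" off \
    rclone-browser "Rclone GUI interface (kapintainsky)" off \
    hexchat "HexChat IRC client" off \
    pidgin "Pidgin messaging client" off \
    psi "PSI messaging client" off \
    wireshark "Wireshark network protocol analyzer" off \
    nmap "Nmap network discovery tool" off \
    zenmap "Nmap graphical interface (Zenmap)" off \
    tor "Tor decentralized anonymous network" off \
    openvpn "OpenVPN Virtual Private Network setup" off \
    codeblocks "IDE for C/C++ development (Code::Blocks)" off \
    EVERYTHING "Install every packages of the list" off 2>"$choices_file"

  # Selected tags, with dialog's quoting removed.
  choices=$(sed 's/"//g' < "$choices_file")
  rm -f -- "$choices_file"

  # Number of selected tags (wc may pad its output with blanks).
  num_choices=$(echo "$choices" | wc -w | tr -d ' ')

  progress=0
  (
    # $choices is split on purpose: one word per selected tag.
    for choice in $choices; do
      progress=$((progress + 100 / num_choices))
      echo $progress

      case $choice in
        EVERYTHING)
          # Same packages, same order as before; rclone-browser is not part
          # of the bundle. The gauge value is derived from the position.
          set -- firefox thunderbird keepassxc vlc handbrake audacity gimp \
            ristretto youtube-dl libreoffice unoconv qpdfview filezilla \
            rclone hexchat pidgin psi wireshark nmap zenmap tor openvpn \
            codeblocks
          total=$#
          installed=0
          for pkg in "$@"; do
            pkgin -y in "$pkg"
            installed=$((installed + 1))
            echo $((installed * 100 / total))
          done
          ;;

        rclone-browser)
          # NOTE(review): this clones the upstream default branch and runs
          # "make install" as root. Nothing pins or verifies the revision
          # being built; check out a reviewed commit before building on a
          # machine that matters.
          # -y added: stdout goes to the gauge, so a confirmation prompt
          # would never be visible.
          pkgin -y install git cmake qt5-qtdeclarative rclone
          (
            # Every step must succeed before the next one runs; a failed
            # "cd" used to leave cmake and make running in the wrong
            # directory.
            cd /usr/pkg &&
              git clone https://github.com/kapitainsky/RcloneBrowser.git &&
              sed -i 's/QString::SkipEmptyParts/Qt::SkipEmptyParts/' /usr/pkg/RcloneBrowser/src/main_window.cpp &&
              sed -i 's/player->start(stream, QProcess::ReadOnly);/QStringList arguments;\n arguments << stream;\n player->start("playerExecutable", arguments, QProcess::ReadOnly);/' /usr/pkg/RcloneBrowser/src/main_window.cpp &&
              cd /usr/pkg/RcloneBrowser &&
              mkdir -p build && cd build &&
              cmake .. -DCMAKE_PREFIX_PATH:PATH=/usr/pkg/qt5 -DCMAKE_INSTALL_RPATH=/usr/pkg/qt5/lib &&
              make &&
              make install
          )
          ;;

        *)
          pkgin -y in "$choice"
          ;;
      esac
    done
  ) | dialog --gauge "Installation in progress..." 6 32 0

  # Go back to InstallProgramsMenu
  InstallProgramsMenu
}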
# checked
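# _UsualToolsEnableService NAME
#   Makes "NAME=YES" the active setting in /etc/rc.conf. When rc.conf has no
#   NAME= entry at all the line is appended and the service is started;
#   otherwise existing NO / commented entries are switched to YES.
#   NAME is only ever one of the fixed words passed by UsualTools.
#   Globals written: check
_UsualToolsEnableService () {
  check=$(grep -o "$1=" < /etc/rc.conf | wc -l | tr -d ' ')
  if [ "$check" -eq 0 ]; then
    # The redirect was missing for cupsd (and for dbus in the single-choice
    # path): the line went to the gauge instead of rc.conf.
    echo "$1=YES" >> /etc/rc.conf
    service "$1" start
  else
    sed -i'' "s/$1=NO/$1=YES/" /etc/rc.conf
    sed -i'' "s/#$1=NO/$1=YES/" /etc/rc.conf
    sed -i'' "s/#$1=YES/$1=YES/" /etc/rc.conf
  fi
}

# UsualTools
#   Shows a checklist of utilities and installs the selected ones with pkgin
#   while a gauge is displayed. cups, dbus and rp-pppoe get extra setup
#   (rc.conf entry, example configuration files).
#   Globals written: util_choices_file, util_choices, num_choices, progress
#   Ends in InstallProgramsMenu.
UsualTools () {

  checkInternetConnection

  # dialog writes the selection to stderr; collect it in a file created by
  # mktemp. This script runs as root, and a fixed name in /tmp could be
  # pre-created by another local user (for instance as a symlink).
  util_choices_file=$(mktemp /tmp/util_choices.XXXXXX) || {
    InstallProgramsMenu
    return
  }

  dialog --backtitle "Utilities Selection" \
    --title "Installing Utilities" \
    --checklist "Select utilities:" 30 70 20 \
    xfce4-thunar "Thunar File Manager" off \
    xfce4-thunar-archive-plugin "Thunar Plugins" off \
    xfce4-thunar-media-tags-plugin "Thunar Plugins" off \
    xfce4-thunar-vcs-plugin "Thunar Plugins" off \
    wget "wget Download Tool" off \
    w3m "Text-based Web Browser" off \
    lynx "Text-based Web Browser" off \
    links "Text-based Web Browser" off \
    rsync "rsync Sync and Backup Tool" off \
    cesium "Text Editor" off \
    emacs "Text Editor" off \
    nano "Text Editor" off \
    fuse "Foreign Filesystem Management" off \
    fuse-ntfs "Foreign Filesystem Management" off \
    fuse-exfat "Foreign Filesystem Management" off \
    fuse-ext2 "Foreign Filesystem Management" off \
    fuse-httpfs "Foreign Filesystem Management" off \
    fuse-sshfs "Foreign Filesystem Management" off \
    ntfsprogs "NTFS Partition Management" off \
    dvd+rw-tools "CD/DVD/BD Burner" off \
    cdrtools "CD/DVD/BD Burner" off \
    wpa_gui "Wi-Fi Graphical Interface" off \
    cups "Printing Server" off \
    cups-filters "Printing Tools" off \
    zip "Compression Tools" off \
    unzip "Compression Tools" off \
    bzip2 "Compression Tools" off \
    bzip3 "Compression Tools" off \
    htop "Diagnostic Tools" off \
    hw-probe "Diagnostic Tools" off \
    dbus "D-Bus System Message Bus" off \
    tree "Tree Structure Display Tool" off \
    git "Github Tools" off \
    gh "Github Tools" off \
    xscreensaver "xscreensaver Screensaver" off \
    rdesktop "RDP Remote Desktop Tool" off \
    remmina "Remmina Remote Desktop Client" off \
    tigervnc "TigerVNC VNC client/server" off \
    megatools "Mega Management Tools" off \
    rp-pppoe "PPPoE connections" off \
    EVERYTHING "Install every packages of the list" off 2>"$util_choices_file"

  # Selected tags, with dialog's quoting removed.
  util_choices=$(sed 's/"//g' < "$util_choices_file")
  rm -f -- "$util_choices_file"

  # Number of selected tags (wc may pad its output with blanks).
  num_choices=$(echo "$util_choices" | wc -w | tr -d ' ')

  progress=0
  (
    # $util_choices is split on purpose: one word per selected tag.
    for choice in $util_choices; do
      progress=$((progress + 100 / num_choices))
      echo $progress

      case $choice in
        EVERYTHING)
          # Same packages, same order as before. Package installation fills
          # the gauge up to 80, the configuration below brings it to 100.
          set -- xfce4-thunar xfce4-thunar-archive-plugin \
            xfce4-thunar-media-tags-plugin xfce4-thunar-vcs-plugin wget w3m \
            lynx links rsync cesium emacs nano fuse fuse-ntfs fuse-exfat \
            fuse-ext2 fuse-httpfs fuse-sshfs ntfsprogs dvd+rw-tools cdrtools \
            wpa_gui cups cups-filters zip unzip bzip2 bzip3 htop hw-probe \
            dbus tree git gh xscreensaver rdesktop remmina tigervnc \
            megatools rp-pppoe
          total=$#
          installed=0
          for pkg in "$@"; do
            pkgin -y in "$pkg"
            installed=$((installed + 1))
            echo $((installed * 80 / total))
          done

          # rp-pppoe example configuration (-p: the directory may exist).
          mkdir -p /etc/ppp
          cp /usr/pkg/share/examples/rp-pppoe/pppoe.conf /etc/ppp/

          cp /usr/pkg/share/examples/rc.d/* /etc/rc.d/
          _UsualToolsEnableService cupsd
          _UsualToolsEnableService dbus

          echo 100
          # InstallProgramsMenu is no longer called from here: this code runs
          # inside the subshell feeding the gauge, and the menu is opened
          # once the gauge has finished.
          ;;

        *)
          pkgin -y in "$choice"

          case $choice in
            cups)
              _UsualToolsEnableService cupsd
              ;;
            dbus)
              _UsualToolsEnableService dbus
              ;;
            rp-pppoe)
              cp /usr/pkg/share/examples/rc.d/* /etc/rc.d/
              mkdir -p /etc/ppp
              cp /usr/pkg/share/examples/rp-pppoe/pppoe.conf /etc/ppp/
              ;;
          esac
          ;;
      esac
    done
  ) | dialog --gauge "Installation in progress..." 6 32 0

  # Go back to InstallProgramsMenu
  InstallProgramsMenu
}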
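# BuildTools
#   Shows a checklist of build tools and installs the selected ones with
#   pkgin while a gauge is displayed. "EVERYTHING" installs the whole list.
#   Globals written: util_choices_file, util_choices, num_choices, progress
#   Ends in InstallProgramsMenu.
BuildTools () {

  checkInternetConnection

  # dialog writes the selection to stderr; collect it in a file created by
  # mktemp. This script runs as root, and a fixed name in /tmp could be
  # pre-created by another local user (for instance as a symlink).
  util_choices_file=$(mktemp /tmp/util_choices.XXXXXX) || {
    InstallProgramsMenu
    return
  }

  dialog --backtitle "Build Tools Selection" \
    --title "Installing Build Tools" \
    --checklist "Select Tools:" 30 70 20 \
    bmake "Build tool for NetBSD" off \
    gcc13 "GNU Compiler Collection" off \
    binutils "Binary utilities" off \
    m4 "Macro processor" off \
    cmake "Cross-platform make" off \
    autoconf "Automatic configure script builder" off \
    automake "Tool for generating Makefile.in files" off \
    libtool "Generic library support script" off \
    pkg-config "Package configuration tool" off \
    cvs "Concurrent Versions System" off \
    git "Distributed version control system" off \
    groff "GNU troff text-formatting system" off \
    gtexinfo "GNU documentation system" off \
    openssl "Toolkit for SSL/TLS" off \
    zlib "Compression library" off \
    gdb "GNU Debugger" off \
    EVERYTHING "Install every package from the list" off 2>"$util_choices_file"

  # Selected tags, with dialog's quoting removed.
  util_choices=$(sed 's/"//g' < "$util_choices_file")
  rm -f -- "$util_choices_file"

  # Number of selected tags (wc may pad its output with blanks).
  num_choices=$(echo "$util_choices" | wc -w | tr -d ' ')

  progress=0
  (
    # $util_choices is split on purpose: one word per selected tag.
    for choice in $util_choices; do
      progress=$((progress + 100 / num_choices))
      echo $progress

      if [ "$choice" = "EVERYTHING" ]; then
        # Same packages, same order as before; the gauge value is derived
        # from the position in the list.
        set -- bmake gcc13 binutils m4 cmake autoconf automake libtool \
          pkg-config cvs git groff gtexinfo openssl zlib gdb
        total=$#
        installed=0
        for pkg in "$@"; do
          pkgin -y in "$pkg"
          installed=$((installed + 1))
          echo $((installed * 100 / total))
        done
      else
        pkgin -y in "$choice"
      fi
    done
  ) | dialog --gauge "Installation in progress..." 6 32 0

  # Go back to InstallProgramsMenu
  InstallProgramsMenu
}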
# checked
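# xfce4
#   After a confirmation screen, installs Slim and the XFCE4 packages with
#   pkgin, switches the display manager entries in /etc/rc.conf (slim=YES,
#   xdm=NO) and writes /home/<user>/.xsession so that XFCE starts after the
#   Slim login. Optionally sets the French locale and reboots.
#   Globals written: goon_ornot, user, countus, checkslim, xsession,
#                    xfce4_french, restart_now
#   Ends in MainMenu.
xfce4 () {

  dialog --yesno "This installer will set up XFCE4 and Slim automatically\nIt will not care about graphics, so if you don't already have a correct display with CTWM, you should not go on with XFCE4\n\nYou must have installed a complete version of NetBSD (with X) in order to get it working because this script will not install X\n\nAn already existing username will be asked in order to configure XFCE4 to start automatically after Slim authentication\n\nOff course, you must be connected to internet.\n\nOne last thing (and not the least): you absolutely must install the applications and utilities (menu 4 - Programs) BEFORE going on installing XFCE/Slim or you'll face a lot of conflicts after" 20 70
  goon_ornot=$?

  # Anything but "Yes" (No, or Esc) stops here. Without the return the
  # installation went on as soon as MainMenu came back.
  if [ $goon_ornot -ne 0 ]; then
    MainMenu
    return
  fi

  checkInternetConnection

  user=$(dialog --title "User" --inputbox "Please enter the username (not root !)" 8 45 2>&1 1>/dev/tty)

  # The name ends up in a path that root writes to, so it must be the exact
  # name of an existing account: no empty answer, no leading '-', no '/'.
  case $user in
    ''|-*|*/*) countus= ;;
    *)         countus=$(getent passwd "$user" | cut -d: -f1) ;;
  esac
  if [ -z "$user" ] || [ "$countus" != "$user" ]; then
    dialog --msgbox "This user does not exist" 5 28
    MainMenu
    return
  fi

  {
    # Install Slim
    pkgin -y in slim > /dev/null 2>&1
    echo 50
    pkgin -y in slim-themes > /dev/null 2>&1

    checkslim=$(grep -o "slim=YES" < /etc/rc.conf | sort | uniq | wc -l | tr -d ' ')
    if [ "$checkslim" -eq 0 ]; then
      echo slim=YES >> /etc/rc.conf
      sed -i "s/current_theme original/current_theme minimal/" /usr/pkg/etc/slim.conf
    fi

    sed -i "s/xdm=YES/xdm=NO/" /etc/rc.conf

    echo 100
  } | dialog --gauge "Installing Slim..." 6 23 0

  {
    # Install Xfce4: same packages, same order as before. Package
    # installation fills the gauge up to 97, the rc.d copy brings it to 100.
    set -- elementary-xfce-icon-theme libxfce4ui libxfce4util ristretto \
      xfburn xfce4 xfce4-appfinder xfce4-battery-plugin \
      xfce4-calculator-plugin xfce4-clipman-plugin xfce4-conf \
      xfce4-cpugraph-plugin xfce4-dashboard xfce4-desktop xfce4-dev-tools \
      xfce4-dict xfce4-diskperf-plugin xfce4-exo xfce4-extras \
      xfce4-eyes-plugin xfce4-fsguard-plugin xfce4-garcon \
      xfce4-genmon-plugin xfce4-icon-theme xfce4-indicator-plugin \
      xfce4-mailwatch-plugin xfce4-mount-plugin xfce4-mousepad \
      xfce4-mpc-plugin xfce4-netload-plugin xfce4-notes-plugin \
      xfce4-notifyd xfce4-orage xfce4-panel xfce4-places-plugin \
      xfce4-power-manager xfce4-screenshooter xfce4-session xfce4-settings \
      xfce4-smartbookmark-plugin xfce4-systemload-plugin xfce4-taskmanager \
      xfce4-terminal xfce4-thunar xfce4-thunar-archive-plugin \
      xfce4-thunar-media-tags-plugin xfce4-thunar-vcs-plugin \
      xfce4-time-out-plugin xfce4-timer-plugin xfce4-tumbler \
      xfce4-verve-plugin xfce4-wavelan-plugin xfce4-weather-plugin \
      xfce4-whiskermenu-plugin xfce4-wm xfce4-wm-themes xfce4-xkb-plugin
    total=$#
    installed=0
    for pkg in "$@"; do
      pkgin -y in "$pkg" > /dev/null 2>&1
      installed=$((installed + 1))
      echo $((installed * 97 / total))
    done

    cp /usr/pkg/share/examples/rc.d/* /etc/rc.d/

    echo 100
  } | dialog --gauge "Installing Xfce..." 6 23 0

  dialog --yesno "Would you like to set XFCE to French?" 5 46
  xfce4_french=$?

  xsession=/home/"$user"/.xsession

  # The home directory belongs to the user, so an existing .xsession may be
  # a symlink pointing somewhere else. Remove it first so that root creates
  # a fresh file instead of writing through it.
  rm -f -- "$xsession"

  if [ $xfce4_french -eq 0 ]; then
    echo 'export LANG="fr_FR.UTF-8"' > "$xsession"
    echo 'export LC_CTYPE="fr_FR.UTF-8"' >> "$xsession"
    echo "startxfce4" >> "$xsession"
  else
    echo "startxfce4" > "$xsession"
  fi

  # Hand the file over to its user; it was left owned by root.
  chown "$user" "$xsession"

  dialog --yesno "Would you like to restart now?" 5 34
  restart_now=$?

  if [ $restart_now -eq 0 ]; then
    reboot
  fi

  MainMenu
}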
# checked
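# _PareFeuActivate
#   Enables NPF at boot (npf=YES in /etc/rc.conf), loads /etc/npf.conf and
#   turns filtering on. The rules file is validated first and nothing is
#   changed when it does not parse. The rules are loaded before "npfctl
#   start" so that filtering begins with the edited ruleset in place.
#   Globals written: checknpf
#   Returns 1 when the rules file is rejected.
_PareFeuActivate () {
  if ! npfctl validate /etc/npf.conf > /dev/null 2>&1; then
    dialog --msgbox "The rules file /etc/npf.conf is not valid, the firewall was not activated" 6 50
    return 1
  fi

  # Launch NPF at startup:
  checknpf=$(grep -o "npf=" < /etc/rc.conf | sort | uniq | wc -l | tr -d ' ')
  if [ "$checknpf" -eq 0 ]; then
    echo npf=YES >> /etc/rc.conf
  else
    sed -i'' 's/npf=NO/npf=YES/' /etc/rc.conf
    sed -i'' 's/#npf=YES/npf=YES/' /etc/rc.conf
    sed -i'' 's/#npf=NO/npf=YES/' /etc/rc.conf
  fi

  # Load the rules, then start NPF
  npfctl reload /etc/npf.conf
  npfctl start
}

# PareFeu
#   Guided NPF setup: shows an introduction, lets the user edit an existing
#   /etc/npf.conf or writes the default rules file, opens it in pico and
#   offers to activate the firewall.
#   Default rules: block everything inbound except SSH, allow all outbound
#   traffic statefully, and block addresses listed in the <fail2ban> table.
#   Globals written: intro_file, check_file, activate_npf
#   Ends in SecurityMenu (existing file edited) or PareFeuMenu.
PareFeu () {

  # Introduction text, folded to the textbox width. The file comes from
  # mktemp: this script runs as root and a fixed name in /tmp could be
  # pre-created by another local user.
  if intro_file=$(mktemp /tmp/npf_intro.XXXXXX); then
    fold -s -w 67 > "$intro_file" <<'EOF'
This script will allow you to quickly configure the NPF firewall

It provides a file of standard rules that will be placed in /etc/npf.conf

By default, the provided rules file will block all incoming traffic except for SSH (tcp/22) and allow all outgoing traffic in a stateful manner
A blocklist table for fail2ban is also present, with a blocking rule associated in case you install fail2ban later

However, the file contains a bunch of additional commented rules that will allow you to quickly adapt the configuration to your needs

The next screen will display the provided rules file in a text editor
You can make modifications as needed.
Once you have made your modifications, exit the file and save it without changing its location

At the end, you will be asked whether you confirm or not the application of the rules and the start of the firewall
EOF
    dialog --title "NPF configuration" --textbox "$intro_file" 20 70
    rm -f -- "$intro_file"
  fi

  if [ -e "/etc/npf.conf" ]; then

    dialog --yesno "A rule file already exists in /etc/npf.conf.\nDo you want to edit the current file or delete it and start over with the default configuration?" 7 53
    check_file=$?

    if [ $check_file -eq 0 ]; then

      pico /etc/npf.conf

      dialog --yesno "Do you want to activate the NPF firewall?\n\nIf you are connected via SSH, the connection will be lost upon activation.\nHowever, if you haven't modified the rule allowing SSH traffic, you will be able to reconnect immediately." 11 60
      activate_npf=$?

      if [ $activate_npf -eq 0 ]; then
        _PareFeuActivate
      fi

      SecurityMenu
      # Stop here: falling through used to overwrite the file the user had
      # just edited with the default rules.
      return
    fi

    # Starting over: keep the previous rules next to the new file.
    cp -p /etc/npf.conf /etc/npf.conf.bak
  fi

  # Creating the rules file:
  {
    echo "########################################################################"
    echo " "
    echo "# 1 - Provide information about your network interface(s):"
    echo " "
    echo "# WAN Interface :"
    echo "\$WAN_if = \"wm0\""
    echo "\$WAN_addrs = ifaddrs(wm0)"
    echo " "
    echo "# LAN Interface :"
    echo "# (Uncomment the following only if the server acts as a gateway)"
    echo "#\$LAN_if = \"wm1\""
    echo "#\$LAN_addrs = ifaddrs(wm1)"
    echo " "
    echo 'alg "icmp"'
    echo " "
    echo "########################################################################"
    echo " "
    echo "# 2 - Define the networks"
    echo " "
    echo "# The RFC protects the server from private networks in case it is directly facing the internet."
    echo "# (Uncomment only if the WAN IP is a public IP address)"
    # RFC 1918 reserves 172.16.0.0/12; the /14 written before left
    # 172.20.0.0 - 172.31.255.255 outside the block rules.
    echo "#\$RFC1918 = { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }"
    echo " "
    echo "# (Uncomment only if the server acts as a gateway)"
    echo "#\$LAN_net = { 10.10.10.0/24 }"
    echo " "
    echo "########################################################################"
    echo " "
    echo "# 3 - Create a NAT mapping for the LAN."
    echo " "
    echo "# (Uncomment only if the server acts as a gateway)"
    echo "#map inet4(\$WAN_if) dynamic \$LAN_net -> inet4(\$WAN_if)"
    echo " "
    echo "########################################################################"
    echo " "
    echo "# 4 - Create a procedure for logging connections:"
    echo " "
    echo 'procedure "log" {'
    echo ' # Send all events to a log (see npfd))'
    echo ' log: npflog0'
    echo '}'
    echo " "
    echo "########################################################################"
    echo " "
    echo "# 5 - Create tables"
    echo " "
    echo "# Create a table for fail2ban"
    echo "table <fail2ban> type ipset"
    echo " "
    echo "########################################################################"
    echo " "
    echo "# 6 - Rule group for the WAN interface:"
    echo " "
    echo "group \"WAN\" on \$WAN_if {"
    echo " "
    echo " # Block IP from fail2ban table"
    echo " block in final from <fail2ban> apply \"log\""
    echo " "
    echo " # Allow all stateful outgoing traffic by selecting the protocol:"
    echo " #pass stateful out final proto tcp all"
    echo " #pass stateful out final proto udp all"
    echo " #pass stateful out final proto icmp all"
    echo " #pass stateful out final proto ipv6-icmp all"
    echo " "
    echo " # Allow all stateful outgoing traffic (all protocols)."
    echo " pass stateful out final all"
    echo " "
    echo " # SSH: Allow SSH connections to the server"
    echo " pass stateful in on \$WAN_if proto tcp to \$WAN_addrs port ssh"
    echo " "
    echo " # Web Server: Allow HTTP and HTTPS connections to the server"
    echo " #pass in final proto tcp from any to \$WAN_addrs port http"
    echo " #pass in final proto tcp from any to \$WAN_addrs port https"
    echo " "
    echo " # DHCP: Allow incoming responses from the DHCP server."
    echo " #pass in family inet4 proto udp from any port bootps to any port bootpc"
    echo " #pass in family inet6 proto udp from any to any port \"dhcpv6-client\""
    echo " "
    echo " # Ping: Allow incoming ping requests"
    echo ' #pass in family inet4 proto icmp icmp-type echo all'
    echo ' #pass in final proto icmp icmp-type echo all'
    echo ' #pass in final proto icmp icmp-type timxceed all'
    echo ' #pass in final proto icmp icmp-type unreach all'
    echo ' #pass in final proto icmp icmp-type echoreply all'
    echo ' #pass in final proto icmp icmp-type sourcequench all'
    echo ' #pass in final proto icmp icmp-type paramprob all'
    echo ' #pass in final proto ipv6-icmp all'
    echo ' #pass family inet6 proto ipv6-icmp all'
    echo " "
    echo ' # Traceroute: Allow incoming traceroute.'
    echo ' #pass in proto udp to any port 33434-33600'
    echo " "
    # The rule below is an outbound one; its label said "incoming".
    echo ' # DNS: Allow outgoing DNS requests'
    echo ' #pass stateful out final proto udp to any port domain'
    echo " "
    echo ' # mDNS: Allow local traffic'
    echo ' #pass in proto udp to any port mdns'
    echo " "
    echo ' # Block private networks:'
    echo " #block in final from \$RFC1918 apply \"log\""
    echo " #block out final to \$RFC1918 apply \"log\""
    echo " "
    echo ' # Forbidden IPs: (separate configuration)'
    echo ' # ruleset "blacklistd"'
    echo " "
    echo " # IP Spoofing: Protect yourself (be careful not to cut off SSH access!)"
    echo ' #block in final from 127.0.0.1 apply "log"'
    echo " "
    echo ' # L2TP/IPSEC-NAT-T Tunnels.'
    echo " #pass in final proto esp from any to inet4(\$WAN_if)"
    echo " #pass out final proto esp from inet4(\$WAN_if) to any"
    echo " #pass stateful in final from any to inet4(\$WAN_if) port \"ipsec-nat-t\""
    echo " #pass stateful in final from any to inet4(\$WAN_if) port l2tp"
    echo " "
    echo ' # IGMP on 224.0.0.1.'
    echo ' #pass in final proto igmp all'
    echo ' #pass in final from any to 224.0.0.0/4'
    echo " "
    echo ' # VNC'
    echo " #pass in final proto tcp from any to any port 5900"
    echo " "
    echo '}'
    echo " "
    echo "########################################################################"
    echo " "
    echo "# 7 - Rule group for the LAN interface:"
    echo " "
    echo "# (This group manages rules for the LAN interface when the server acts as a gateway)"
    echo " "
    echo "#group \"LAN\" on \$LAN_if {"
    echo " "
    echo " # Allow stateful incoming and outgoing traffic"
    echo ' #pass stateful out final all'
    echo ' #pass stateful in final all'
    echo " "
    echo " # Allow connections from the LAN network:"
    echo " #pass in final from \$LAN_net"
    echo " "
    echo " # Allow all traffic"
    echo " #pass in final all"
    echo " #pass out final all"
    echo " "
    echo '#}'
    echo " "
    echo "########################################################################"
    echo " "
    echo "# 8 - Default rule group:"
    echo " "
    echo 'group default {'
    echo " "
    echo ' # Loopback : Allow traffic'
    echo " pass final on lo0 all"
    echo " "
    echo ' # Close the firewall'
    echo ' block all apply "log"'
    echo " "
    echo '}'
    echo "########################################################################"
  } > /etc/npf.conf

  pico /etc/npf.conf

  dialog --yesno "Do you want to activate the NPF firewall?\n\nIf you are connected via SSH, the connection will be lost upon activation.\nHowever, if you haven't modified the rule allowing SSH traffic, you will be able to reconnect immediately." 10 60
  activate_npf=$?

  if [ $activate_npf -eq 0 ]; then
    _PareFeuActivate
  fi

  PareFeuMenu
}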
# checked
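# ShowRulesNPF
#   Displays the output of "npfctl show" in a dialog text box.
#   When /etc/npf.conf does not exist a notice is shown instead.
#   Globals written: rules_file
#   Ends in PareFeuMenu.
ShowRulesNPF () {

  if [ ! -e "/etc/npf.conf" ]; then
    dialog --msgbox "The firewall is not yet configured." 5 38
    PareFeuMenu
    # Nothing to show; without the return the dump below still ran once the
    # menu came back.
    return
  fi

  # File created by mktemp: this script runs as root and a fixed name in
  # /tmp could be pre-created by another local user.
  rules_file=$(mktemp /tmp/npf_rules.XXXXXX) || {
    PareFeuMenu
    return
  }

  npfctl show > "$rules_file"

  dialog --textbox "$rules_file" 0 0

  rm -f -- "$rules_file"

  PareFeuMenu
}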
# checked
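# Print the default jail.local used for a fresh fail2ban configuration.
# Every jail is disabled through [DEFAULT] "enabled = false"; only [sshd]
# sets "enabled = true". Bans are applied with "banaction = npf".
# Outputs: the configuration text on stdout.
Fail2banDefaultJailLocal () {
cat <<'JAIL_LOCAL_EOF'
[INCLUDES]
before = paths-pkgsrc.conf

[DEFAULT]
ignoreip = 127.0.0.1/8
bantime = 10m
findtime = 10m
maxretry = 5
maxmatches = %(maxretry)s
backend = auto
usedns = warn
logencoding = auto
enabled = false
mode = normal
filter = %(__name__)s[mode=%(mode)s]

destemail = root@localhost
sender = root@<fq-hostname>
mta = sendmail
protocol = tcp
chain = <known/chain>
port = 0:65535
fail2ban_agent = Fail2Ban/%(fail2ban_version)s

banaction = npf

[sshd]
# To use more aggressive sshd modes set filter parameter "mode" in jail.local:
# normal (default), ddos, extra or aggressive (combines all).
# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
#mode = normal
enabled = true
port = ssh
logpath = /var/log/authlog
backend = %(sshd_backend)s

[dropbear]
port = ssh
logpath = %(dropbear_log)s
backend = %(dropbear_backend)s

[selinux-ssh]
port = ssh
logpath = %(auditd_log)s

#
# HTTP servers
#
[apache-auth]
port = http,https
logpath = %(apache_error_log)s

[apache-badbots]
# Ban hosts which agent identifies spammer robots crawling the web
# for email addresses. The mail outputs are buffered.
port = http,https
logpath = %(apache_access_log)s
bantime = 48h
maxretry = 1

[apache-noscript]
port = http,https
logpath = %(apache_error_log)s

[apache-overflows]
port = http,https
logpath = %(apache_error_log)s
maxretry = 2

[apache-nohome]
port = http,https
logpath = %(apache_error_log)s
maxretry = 2

[apache-botsearch]
port = http,https
logpath = %(apache_error_log)s
maxretry = 2

[apache-fakegooglebot]
port = http,https
logpath = %(apache_access_log)s
maxretry = 1
ignorecommand = %(fail2ban_confpath)s/filter.d/ignorecommands/apache-fakegooglebot <ip>

[apache-modsecurity]
port = http,https
logpath = %(apache_error_log)s
maxretry = 2

[apache-shellshock]
port = http,https
logpath = %(apache_error_log)s
maxretry = 1

[openhab-auth]
filter = openhab
banaction = %(banaction_allports)s
logpath = /opt/openhab/logs/request.log

# To use more aggressive http-auth modes set filter parameter "mode" in jail.local:
# normal (default), aggressive (combines all), auth or fallback
[nginx-http-auth]
# mode = normal
port = http,https
logpath = %(nginx_error_log)s

# To use 'nginx-limit-req' jail you should have `ngx_http_limit_req_module`
# and define `limit_req` and `limit_req_zone` as described in nginx documentation
# http://nginx.org/en/docs/http/ngx_http_limit_req_module.html
# or for example see in 'config/filter.d/nginx-limit-req.conf'
[nginx-limit-req]
port = http,https
logpath = %(nginx_error_log)s

[nginx-botsearch]
port = http,https
logpath = %(nginx_error_log)s

[nginx-bad-request]
port = http,https
logpath = %(nginx_access_log)s

# Ban attackers that try to use PHP's URL-fopen() functionality
# through GET/POST variables. - Experimental, with more than a year
# of usage in production environments.

[php-url-fopen]
port = http,https
logpath = %(nginx_access_log)s
 %(apache_access_log)s

[suhosin]
port = http,https
logpath = %(suhosin_log)s

[lighttpd-auth]
# Same as above for Apache's mod_auth
# It catches wrong authentifications
port = http,https
logpath = %(lighttpd_error_log)s

#
# Webmail and groupware servers
#
[roundcube-auth]
port = http,https
logpath = %(roundcube_errors_log)s
# Use following line in your jail.local if roundcube logs to journal.
#backend = %(syslog_backend)s

[openwebmail]
port = http,https
logpath = /var/log/openwebmail.log

[horde]
port = http,https
logpath = /var/log/horde/horde.log

[groupoffice]
port = http,https
logpath = /home/groupoffice/log/info.log

[sogo-auth]
# Monitor SOGo groupware server
# without proxy this would be:
# port = 20000
port = http,https
logpath = /var/log/sogo/sogo.log

[tine20]
logpath = /var/log/tine20/tine20.log
port = http,https

#
# Web Applications
#
[drupal-auth]
port = http,https
logpath = %(syslog_daemon)s
backend = %(syslog_backend)s

[guacamole]
port = http,https
logpath = /var/log/tomcat*/catalina.out
#logpath = /var/log/guacamole.log

[monit]
#Ban clients brute-forcing the monit gui login
port = 2812
logpath = /var/log/monit
 /var/log/monit.log

[webmin-auth]
port = 10000
logpath = %(syslog_authpriv)s
backend = %(syslog_backend)s

[froxlor-auth]
port = http,https
logpath = %(syslog_authpriv)s
backend = %(syslog_backend)s

#
# HTTP Proxy servers
#
[squid]
port = 80,443,3128,8080
logpath = /var/log/squid/access.log

[3proxy]
port = 3128
logpath = /var/log/3proxy.log

#
# FTP servers
#
[proftpd]
port = ftp,ftp-data,ftps,ftps-data
logpath = %(proftpd_log)s
backend = %(proftpd_backend)s

[pure-ftpd]
port = ftp,ftp-data,ftps,ftps-data
logpath = %(pureftpd_log)s
backend = %(pureftpd_backend)s

[gssftpd]
port = ftp,ftp-data,ftps,ftps-data
logpath = %(syslog_daemon)s
backend = %(syslog_backend)s

[wuftpd]
port = ftp,ftp-data,ftps,ftps-data
logpath = %(wuftpd_log)s
backend = %(wuftpd_backend)s

[vsftpd]
# or overwrite it in jails.local to be
# logpath = %(syslog_authpriv)s
# if you want to rely on PAM failed login attempts
# vsftpd's failregex should match both of those formats
port = ftp,ftp-data,ftps,ftps-data
logpath = %(vsftpd_log)s

#
# Mail servers
#
# ASSP SMTP Proxy Jail
[assp]
port = smtp,465,submission
logpath = /root/path/to/assp/logs/maillog.txt

[courier-smtp]
port = smtp,465,submission
logpath = %(syslog_mail)s
backend = %(syslog_backend)s

[postfix]
# To use another modes set filter parameter "mode" in jail.local:
mode = more
port = smtp,465,submission
logpath = %(postfix_log)s
backend = %(postfix_backend)s

[postfix-rbl]
filter = postfix[mode=rbl]
port = smtp,465,submission
logpath = %(postfix_log)s
backend = %(postfix_backend)s
maxretry = 1

[sendmail-auth]
port = submission,465,smtp
logpath = %(syslog_mail)s
backend = %(syslog_backend)s

[sendmail-reject]
# To use more aggressive modes set filter parameter "mode" in jail.local:
# normal (default), extra or aggressive
# See "tests/files/logs/sendmail-reject" or "filter.d/sendmail-reject.conf" for usage example and details.
#mode = normal
port = smtp,465,submission
logpath = %(syslog_mail)s
backend = %(syslog_backend)s

[qmail-rbl]
filter = qmail
port = smtp,465,submission
logpath = /service/qmail/log/main/current

# dovecot defaults to logging to the mail syslog facility
# but can be set by syslog_facility in the dovecot configuration.
[dovecot]
port = pop3,pop3s,imap,imaps,submission,465,sieve
logpath = %(dovecot_log)s
backend = %(dovecot_backend)s

[sieve]
port = smtp,465,submission
logpath = %(dovecot_log)s
backend = %(dovecot_backend)s

[solid-pop3d]
port = pop3,pop3s
logpath = %(solidpop3d_log)s

[exim]
# see filter.d/exim.conf for further modes supported from filter:
#mode = normal
port = smtp,465,submission
logpath = %(exim_main_log)s

[exim-spam]
port = smtp,465,submission
logpath = %(exim_main_log)s

[kerio]
port = imap,smtp,imaps,465
logpath = /opt/kerio/mailserver/store/logs/security.log

#
# Mail servers authenticators: might be used for smtp,ftp,imap servers, so
# all relevant ports get banned
#

[courier-auth]
port = smtp,465,submission,imap,imaps,pop3,pop3s
logpath = %(syslog_mail)s
backend = %(syslog_backend)s

[postfix-sasl]
filter = postfix[mode=auth]
port = smtp,465,submission,imap,imaps,pop3,pop3s
# You might consider monitoring /var/log/mail.warn instead if you are
# running postfix since it would provide the same log lines at the
# "warn" level but overall at the smaller filesize.
logpath = %(postfix_log)s
backend = %(postfix_backend)s

[perdition]
port = imap,imaps,pop3,pop3s
logpath = %(syslog_mail)s
backend = %(syslog_backend)s

[squirrelmail]
port = smtp,465,submission,imap,imap2,imaps,pop3,pop3s,http,https,socks
logpath = /var/db/squirrelmail/prefs/squirrelmail_access_log

[cyrus-imap]
port = imap,imaps
logpath = %(syslog_mail)s
backend = %(syslog_backend)s

[uwimap-auth]
port = imap,imaps
logpath = %(syslog_mail)s
backend = %(syslog_backend)s

#
#
# DNS servers
#

#
#
# !!! WARNING !!!
# Since UDP is connection-less protocol, spoofing of IP and imitation
# of illegal actions is way too simple. Thus enabling of this filter
# might provide an easy way for implementing a DoS against a chosen
# victim. See
# http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html
# Please DO NOT USE this jail unless you know what you are doing.
#
# IMPORTANT: see filter.d/named-refused for instructions to enable logging
# This jail blocks UDP traffic for DNS requests.
# [named-refused-udp]
#
# filter = named-refused
# port = domain,953
# protocol = udp
# logpath = /var/log/named/security.log
#
#
# IMPORTANT: see filter.d/named-refused for instructions to enable logging
# This jail blocks TCP traffic for DNS requests.


[named-refused]
port = domain,953
logpath = /var/log/named/security.log


[nsd]
port = 53
action_ = %(default/action_)s[name=%(__name__)s-tcp, protocol="tcp"]
 %(default/action_)s[name=%(__name__)s-udp, protocol="udp"]
logpath = /var/log/nsd.log

#
# Miscellaneous
#

[asterisk]
port = 5060,5061
action_ = %(default/action_)s[name=%(__name__)s-tcp, protocol="tcp"]
 %(default/action_)s[name=%(__name__)s-udp, protocol="udp"]
logpath = /var/log/asterisk/messages
maxretry = 10

[freeswitch]
port = 5060,5061
action_ = %(default/action_)s[name=%(__name__)s-tcp, protocol="tcp"]
 %(default/action_)s[name=%(__name__)s-udp, protocol="udp"]
logpath = /var/log/freeswitch.log
maxretry = 10

# enable adminlog; it will log to a file inside znc's directory by default.
[znc-adminlog]
port = 6667
logpath = /var/db/znc/moddata/adminlog/znc.log

# To log wrong MySQL access attempts add to /usr/pkg/etc/my.cnf in [mysqld] or
# equivalent section:
# log-warnings = 2
#
# for syslog (daemon facility)
# [mysqld_safe]
# syslog
#
# for own logfile
# [mysqld]
# log-error=/var/log/mysqld.log
[mysqld-auth]
port = 3306
logpath = %(mysql_log)s
backend = %(mysql_backend)s

[mssql-auth]
# Default configuration for Microsoft SQL Server for Linux
# See the 'mssql-conf' manpage how to change logpath or port
logpath = /var/opt/mssql/log/errorlog
port = 1433
filter = mssql-auth

# Log wrong MongoDB auth (for details see filter 'filter.d/mongodb-auth.conf')
[mongodb-auth]
# change port when running with "--shardsvr" or "--configsvr" runtime operation
port = 27017
logpath = /var/log/mongodb/mongodb.log

# Jail for more extended banning of persistent abusers
# !!! WARNINGS !!!
# 1. Make sure that your loglevel specified in fail2ban.conf/.local
# is not at DEBUG level -- which might then cause fail2ban to fall into
# an infinite loop constantly feeding itself with non-informative lines
# 2. Increase dbpurgeage defined in fail2ban.conf to e.g. 648000 (7.5 days)
# to maintain entries for failed logins for sufficient amount of time
[recidive]

logpath = /var/log/fail2ban.log
banaction = %(banaction_allports)s
bantime = 1w
findtime = 1d

# Generic filter for PAM. Has to be used with action which bans all
# ports such as iptables-allports, shorewall

[pam-generic]
# pam-generic filter can be customized to monitor specific subset of 'tty's
banaction = %(banaction_allports)s
logpath = %(syslog_authpriv)s
backend = %(syslog_backend)s

[xinetd-fail]
banaction = iptables-multiport-log
logpath = %(syslog_daemon)s
backend = %(syslog_backend)s
maxretry = 2

# stunnel - need to set port for this
[stunnel]
logpath = /var/log/stunnel4/stunnel.log

[ejabberd-auth]
port = 5222
logpath = /var/log/ejabberd/ejabberd.log

[counter-strike]
logpath = /opt/cstrike/logs/L[0-9]*.log
tcpport = 27030,27031,27032,27033,27034,27035,27036,27037,27038,27039
udpport = 1200,27000,27001,27002,27003,27004,27005,27006,27007,27008,27009,27010,27011,27012,27013,27014,27015
action_ = %(default/action_)s[name=%(__name__)s-tcp, port="%(tcpport)s", protocol="tcp"]
 %(default/action_)s[name=%(__name__)s-udp, port="%(udpport)s", protocol="udp"]

[softethervpn]
port = 500,4500
protocol = udp
logpath = /usr/local/vpnserver/security_log/*/sec.log

[gitlab]
port = http,https
logpath = /var/log/gitlab/gitlab-rails/application.log

[grafana]
port = http,https
logpath = /var/log/grafana/grafana.log

[bitwarden]
port = http,https
logpath = /home/*/bwdata/logs/identity/Identity/log.txt

[centreon]
port = http,https
logpath = /var/log/centreon/login.log

# consider low maxretry and a long bantime
# nobody except your own Nagios server should ever probe nrpe
[nagios]
logpath = %(syslog_daemon)s ; nrpe.cfg may define a different log_facility
backend = %(syslog_backend)s
maxretry = 1

[oracleims]
# see "oracleims" filter file for configuration requirement for Oracle IMS v6 and above
logpath = /opt/sun/comms/messaging64/log/mail.log_current
banaction = %(banaction_allports)s

[directadmin]
logpath = /var/log/directadmin/login.log
port = 2222

[portsentry]
logpath = /var/db/portsentry/portsentry.history
maxretry = 1

[pass2allow-ftp]
# this pass2allow example allows FTP traffic after successful HTTP authentication
port = ftp,ftp-data,ftps,ftps-data
# knocking_url variable must be overridden to some secret value in jail.local
knocking_url = /knocking/
filter = apache-pass[knocking_url="%(knocking_url)s"]
# access log of the website with HTTP auth
logpath = %(apache_access_log)s
blocktype = RETURN
returntype = DROP
action = %(action_)s[blocktype=%(blocktype)s, returntype=%(returntype)s,
 actionstart_on_demand=false, actionrepair_on_unban=true]
bantime = 1h
maxretry = 1
findtime = 1

[murmur]
# AKA mumble-server
port = 64738
action_ = %(default/action_)s[name=%(__name__)s-tcp, protocol="tcp"]
 %(default/action_)s[name=%(__name__)s-udp, protocol="udp"]
logpath = /var/log/mumble-server/mumble-server.log

[screensharingd]
# For Mac OS Screen Sharing Service (VNC)
logpath = /var/log/system.log
logencoding = utf-8

[haproxy-http-auth]
# HAProxy by default doesn't log to file you'll need to set it up to forward
# logs to a syslog server which would then write them to disk.
# See "haproxy-http-auth" filter for a brief cautionary note when setting
# maxretry and findtime.
logpath = /var/log/haproxy.log

[slapd]
port = ldap,ldaps
logpath = /var/log/slapd.log

[domino-smtp]
port = smtp,ssmtp
logpath = /home/domino01/data/IBM_TECHNICAL_SUPPORT/console.log

[phpmyadmin-syslog]
port = http,https
logpath = %(syslog_authpriv)s
backend = %(syslog_backend)s

[zoneminder]
# Zoneminder HTTP/HTTPS web interface auth
# Logs auth failures to apache2 error log
port = http,https
logpath = %(apache_error_log)s

[traefik-auth]
# to use 'traefik-auth' filter you have to configure your Traefik instance,
# see `filter.d/traefik-auth.conf` for details and service example.
port = http,https
logpath = /var/log/traefik/access.log

[scanlogd]
logpath = %(syslog_local0)s
banaction = %(banaction_allports)s

[monitorix]
port = 8080
logpath = /var/log/monitorix-httpd
JAIL_LOCAL_EOF
}

# Install fail2ban when it is missing, enable it in /etc/rc.conf, then create
# or edit /usr/pkg/etc/fail2ban/jail.local and offer to (re)start the service.
# Globals: fail2ban_missing, jail_local, npfnow_ornot, new_ornot,
#          restart_ornot (all written)
InstallFail2ban () {

  jail_local=/usr/pkg/etc/fail2ban/jail.local

  # check if fail2ban is already installed
  fail2ban_missing=0
  if [ ! -e /usr/pkg/bin/fail2ban-server ]; then
    fail2ban_missing=1
    # Run the connectivity check before the gauge pipeline below: it draws
    # its own dialogs, and inside the group its stdout would be piped into
    # the gauge.
    checkInternetConnection
  fi

  {
    if [ "$fail2ban_missing" -eq 1 ]; then

      echo 10

      pkgin -y in fail2ban > /dev/null 2>&1

      echo 50

      # pkgin's output and status are discarded above, so only continue
      # with the setup when the server binary is really there.
      if [ -e /usr/pkg/bin/fail2ban-server ]; then

        cp /usr/pkg/share/examples/rc.d/fail2ban /etc/rc.d/

        # Enable fail2ban in /etc/rc.conf: append the setting when no
        # fail2ban= entry exists, otherwise switch the existing entry to YES.
        # (The previous test compared the matched text with -eq, which is
        # never a valid integer comparison, so the append never happened.)
        if grep -q 'fail2ban=' /etc/rc.conf 2>/dev/null; then
          sed -i'' "s/fail2ban=NO/fail2ban=YES/" /etc/rc.conf
          sed -i'' "s/#fail2ban=YES/fail2ban=YES/" /etc/rc.conf
          sed -i'' "s/#fail2ban=NO/fail2ban=YES/" /etc/rc.conf
        else
          echo fail2ban=YES >> /etc/rc.conf
        fi

        # Helper script referenced by the [apache-fakegooglebot] jail.
        # -p keeps a re-run from failing when the directory already exists.
        mkdir -p /usr/pkg/etc/fail2ban/filter.d/ignorecommands
        cp /usr/pkg/share/examples/fail2ban/filter.d/ignorecommands/apache-fakegooglebot /usr/pkg/etc/fail2ban/filter.d/ignorecommands/
        chmod 0644 /usr/pkg/etc/fail2ban/filter.d/ignorecommands/apache-fakegooglebot

      fi

    fi

    echo 100

  } | dialog --gauge "Check for fail2ban..." 6 25 0

  # Do not write a configuration or offer a restart for a service that is
  # not installed; otherwise the failure would go unnoticed.
  if [ ! -e /usr/pkg/bin/fail2ban-server ]; then
    dialog --msgbox "fail2ban could not be installed." 5 40
    Fail2banMenu
    return
  fi

  # checking for NPF correct configuration for fail2ban :
  # the default jail.local bans through "banaction = npf".
  if [ ! -e /etc/npf.conf ]; then

    dialog --yesno "To allow fail2ban to function properly, the NPF firewall must be configured and started beforehand\n\nDo you want to configure NPF now?" 9 70
    npfnow_ornot=$?
    if [ $npfnow_ornot -eq 0 ]; then
      PareFeu
    fi

  fi

  # Check for previous configuration.
  # new_ornot=1 means "write the default jail.local". That is the choice when
  # no jail.local exists yet (previously nothing was written in that case),
  # and when the user answers No to editing the existing one.
  new_ornot=1
  if [ -e "$jail_local" ]; then
    dialog --yesno "A previous configuration of Fail2ban has been found\n\nWould you like to edit it (Yes) or start from a new configuration (No)" 8 70
    new_ornot=$?
  fi

  if [ $new_ornot -eq 1 ]; then
    # Standard jail.local :
    Fail2banDefaultJailLocal > "$jail_local"
  fi

  # Let the administrator review or adjust the jails in either case.
  pico "$jail_local"

  # Ask once whether to restart (the edit path used to ask twice).
  dialog --yesno "Do you want to (re)start fail2ban?" 5 39
  restart_ornot=$?
  if [ $restart_ornot -eq 0 ]; then
    service fail2ban restart > /dev/null 2>&1
  fi

  Fail2banMenu

}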
# checked
ConfigureSSH () {
|
|
|
|
# Check if OpenSSH is installed or not
|
|
check=$(grep -o "sshd=YES" < /etc/rc.conf | wc -l | tr -d ' ')
|
|
if [ "$check" -eq 0 ]; then
|
|
|
|
if [ ! -e /usr/sbin/sshd ]; then
|
|
|
|
dialog --yesno "OpenSSH is not installed on your system, do you want to install it?" 6 44
|
|
sshd_install=$?
|
|
|
|
checkInternetConnection
|
|
|
|
if [ $sshd_install -eq 0 ]; then
|
|
|
|
pkgin -y in opensshd
|
|
# I don't remember if sshd goes automatically to /etc/rc.d/... in case :
|
|
cp /usr/pkg/share/examples/rc.d/sshd /etc/rc.d/sshd
|
|
|
|
echo sshd=YES >> /etc/rc.conf
|
|
|
|
fi
|
|
fi
|
|
|
|
fi
|
|
|
|
|
|
# Check if a previous configuration has already been done
|
|
if [ -e /etc/ssh/sshd_config.BAK ]; then
|
|
|
|
dialog --yesno "A previous configuration seems to have been done\nDo you want to restore the backup file (Yes) or work on the actual configuration? (No)" 7 52
|
|
what_todo=$?
|
|
|
|
if [ $what_todo -eq 0 ]; then
|
|
|
|
cp /etc/ssh/sshd_config.BAK /etc/ssh/ssh/sshd_config
|
|
|
|
fi
|
|
|
|
|
|
else
|
|
|
|
dialog --yesno "Do you want to create a backup of the original /etc/ssh/sshd_config before starting to edit the configuration?\n(you really should say yes!!)" 7 70
|
|
bak_ornot=$?
|
|
|
|
if [ $bak_ornot -eq 0 ]; then
|
|
|
|
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.BAK
|
|
|
|
dialog --msgbox "/etc/ssh/sshd_config has been saved as /etc/ssh/sshd_config.BAK" 5 68
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
|
# be guided for configuration or not ?
|
|
dialog --yesno "Do you wish to be guided (Yes) in order to configure SSH properly (with usual parameters)\nor\nDo you prefer to do it yourself? (No)" 8 70
|
|
guided_ornot=$?
|
|
|
|
if [ $guided_ornot -eq 0 ]; then
|
|
|
|
dialog --msgbox "Then, let's start!" 5 22
|
|
|
|
{
|
|
echo "###########################"
|
|
echo "# CUSTOM SSH CONFIGURATION"
|
|
echo " "
|
|
|
|
} >> /etc/ssh/sshd_config
|
|
|
|
# SSH PORT
|
|
dialog --yesno "Do you want to change the SSH port?\n\nBy default, the SSH port is 22 (TCP)\n(It is recommended to use another port to reduce the risk of automated attacks)" 9 70
|
|
change_port=$?
|
|
|
|
if [ $change_port -eq 0 ]; then
|
|
|
|
nport=$(dialog --inputbox "Please enter a new port number (>10,000 and <65,000 preferably)" 8 68 2>&1 1>/dev/tty)
|
|
{
|
|
echo "# PORT"
|
|
echo "Port $nport"
|
|
echo " "
|
|
} >> /etc/ssh/sshd_config
|
|
|
|
# check if the NPF firewall has already been configured
|
|
if [ -e /etc/npf.conf ]; then
|
|
|
|
check=$(npfctl show | grep -o "inactive" | sort | uniq | wc -l | tr -d ' ')
|
|
if [ ! "$check" -eq 1 ]; then
|
|
|
|
dialog --msgbox "The NPF firewall seems to be active\nYou also need to change the SSH port in the rules file to avoid being blocked when SSH is activated.\n\nThe NPF rules file will open\nMake the changes, exit, and save without changing the file location" 11 70
|
|
|
|
pico /etc/npf.conf
|
|
|
|
changePortNPF="1"
|
|
|
|
fi
|
|
|
|
|
|
fi
|
|
|
|
else
|
|
{
|
|
echo "# PORT"
|
|
echo "Port 22"
|
|
echo " "
|
|
} >> /etc/ssh/sshd_config
|
|
|
|
fi
|
|
|
|
# LISTEN ADDRESS
|
|
dialog --yesno "Do you want to configure the listening addresses?\n\n(If your server has multiple network interfaces, it is recommended to specify the IP address(es) of your server on which the SSH service should listen if you do not want users to be able to connect via undesired or protected interfaces)\n\nIf you answer (No), then SSH will listen by default on all interfaces of your server" 13 70
|
|
listen_ip=$?
|
|
|
|
if [ $listen_ip -eq 0 ]; then
|
|
|
|
echo "# LISTEN ADDRESS" >> /etc/ssh/sshd_config
|
|
|
|
i=0
|
|
while [ $i -lt "50" ]; do
|
|
ip_add=$(dialog --inputbox "Please enter an IP address allowed to connect" 8 55 2>&1 1>/dev/tty)
|
|
echo "ListenAddress $ip_add" >> /etc/ssh/sshd_config
|
|
|
|
dialog --yesno "Do you want to add another IP?" 5 34
|
|
add_another=$?
|
|
|
|
if [ $add_another -eq 1 ]; then
|
|
|
|
i=$((i+51))
|
|
fi
|
|
|
|
i=$((i+1))
|
|
done
|
|
|
|
echo " " >> /etc/ssh/sshd_config
|
|
|
|
else
|
|
{
|
|
echo "# LISTEN ADDRESS"
|
|
echo "ListenAddress 0.0.0.0"
|
|
echo "ListenAddress ::"
|
|
} >> /etc/ssh/sshd_config
|
|
fi
|
|
|
|
# AUTHORIZED/ USERS
|
|
dialog --yesno "Do you want to specify the users allowed to connect to this server via SSH?\n(Only the specified users will be allowed to connect)\n\nIf (No), all users will be allowed to connect" 9 70
|
|
user_yesconnect=$?
|
|
|
|
if [ $user_yesconnect -eq 0 ]; then
|
|
|
|
echo "# ALLOW USERS" >> /etc/ssh/sshd_config
|
|
|
|
permitusers=$(dialog --inputbox "Please enter the username(s) of the only user(s) allowed to connect\n(separate usernames with spaces)" 9 70 2>&1 1>/dev/tty)
|
|
|
|
echo "AllowUsers ${permitusers}" >> /etc/ssh/sshd_config
|
|
|
|
echo " " >> /etc/ssh/sshd_config
|
|
|
|
|
|
fi
|
|
|
|
# DENIED USERS
|
|
dialog --yesno "Do you want to prohibit specific users from connecting to this server via SSH?\n(only the specified users will be prohibited from connecting.\n\nIf you have previously allowed users to connect, then answer (No)" 9 70
|
|
user_noconnect=$?
|
|
|
|
if [ $user_noconnect -eq 0 ]; then
|
|
|
|
echo "# DENY USERS" >> /etc/ssh/sshd_config
|
|
|
|
denyusers=$(dialog --inputbox "Please enter the username(s) of the user(s) denied from connecting\n(separate usernames with spaces)" 9 70 2>&1 1>/dev/tty)
|
|
|
|
echo "DenyUsers ${denyusers}" >> /etc/ssh/sshd_config
|
|
|
|
echo " " >> /etc/ssh/sshd_config
|
|
|
|
fi
|
|
|
|
|
|
# PERMIT ROOT LOGIN
|
|
dialog --yesno "Do you want to prohibit (Yes) or allow (No) root to connect to this server?\n\n(It is recommended to prohibit root login)" 8 70
|
|
permit_root=$?
|
|
|
|
echo "# PERMIT ROOT LOGIN" >> /etc/ssh/sshd_config
|
|
|
|
if [ $permit_root -eq 0 ]; then
|
|
|
|
echo "PermitRootLogin no" >> /etc/ssh/sshd_config
|
|
echo " " >> /etc/ssh/sshd_config
|
|
|
|
else
|
|
|
|
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
|
|
echo " " >> /etc/ssh/sshd_config
|
|
|
|
fi
|
|
|
|
|
|
# PUB KEY AUTHENTICATION
|
|
dialog --yesno "Do you want to allow both key-based and password-based authentication (Yes) or only one of them (No)?\n\nIf you answer (No), you will be prompted to choose on the next screen." 9 70
|
|
pubkey_yesno=$?
|
|
|
|
|
|
if [ $pubkey_yesno -eq 0 ]; then
|
|
{
|
|
echo "# PUB KEY AND PASSWORD AUTHENTICATION"
|
|
echo "PasswordAuthentication yes"
|
|
echo "AuthorizedKeysFile .ssh/authorized_keys"
|
|
echo "KbdInteractiveAuthentication yes"
|
|
echo "UsePAM yes"
|
|
echo " "
|
|
} >> /etc/ssh/sshd_config
|
|
|
|
else
|
|
|
|
dialog --yesno "Do you want to allow only password-based authentication (Yes)\nor\nonly public key-based authentication (No)?\n\nSSH key-based authentication is highly recommended, however, you should not disable password authentication until you have added the public SSH key of the machine that will connect to this server to the /home/USER/.ssh/authorized_keys file on this server. Otherwise, you may risk losing access to the server." 13 70
|
|
pass_orkey=$?
|
|
|
|
if [ $pass_orkey -eq 0 ]; then
|
|
|
|
{
|
|
echo "# PASSWORD AUTHENTICATION ONLY"
|
|
echo "PasswordAuthentication yes"
|
|
echo "PubkeyAuthentication no"
|
|
echo "KbdInteractiveAuthentication yes"
|
|
echo "UsePAM yes"
|
|
echo " "
|
|
} >> /etc/ssh/sshd_config
|
|
|
|
else
|
|
{
|
|
echo "# PUB KEY AUTHENTICATION ONLY"
|
|
echo "PasswordAuthentication no"
|
|
echo "PubkeyAuthentication yes"
|
|
echo "AuthorizedKeysFile .ssh/authorized_keys"
|
|
echo "KbdInteractiveAuthentication no"
|
|
echo "UsePAM no"
|
|
echo " "
|
|
} >> /etc/ssh/sshd_config
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
|
|
|
# X11Forwarding
|
|
dialog --yesno "Do you need to run graphical applications (X11) via SSH?" 5 61
|
|
x11_forward=$?
|
|
|
|
|
|
if [ $x11_forward -eq 0 ]; then
|
|
|
|
{
|
|
echo "# X11 FORWARDING"
|
|
echo "X11Forwarding yes"
|
|
echo " "
|
|
} >> /etc/ssh/sshd_config
|
|
else
|
|
{
|
|
echo "# NO X11 FORWARDING"
|
|
echo "X11Forwarding no"
|
|
echo " "
|
|
} >> /etc/ssh/sshd_config
|
|
fi
|
|
|
|
|
|
|
|
# AllowTcpForwarding
|
|
dialog --yesno "Will you be setting up SSH tunnels?" 5 40
|
|
ssh_tunnels=$?
|
|
|
|
|
|
if [ $ssh_tunnels -eq 0 ]; then
|
|
|
|
{
|
|
echo "# SSH TUNNELING"
|
|
echo "AllowTcpForwarding yes"
|
|
echo " "
|
|
} >> /etc/ssh/sshd_config
|
|
|
|
else
|
|
|
|
{
|
|
|
|
echo "# NO SSH TUNNELING"
|
|
echo "AllowTcpForwarding no"
|
|
echo " "
|
|
} >> /etc/ssh/sshd_config
|
|
|
|
fi
|
|
|
|
|
|
|
|
# USER ENVIRONMENT
|
|
dialog --yesno "Will you need to set environment variables via SSH?\n\nIt is recommended not to enable this option." 7 56
|
|
user_env=$?
|
|
|
|
|
|
if [ $user_env -eq 0 ]; then
|
|
{
|
|
echo "# USER ENVIRONMENT"
|
|
echo "PermitUserEnvironment yes"
|
|
echo " "
|
|
} >> /etc/ssh/sshd_config
|
|
|
|
else
|
|
{
|
|
echo "# NO USER ENVIRONMENT"
|
|
echo "PermitUserEnvironment no"
|
|
echo " "
|
|
} >> /etc/ssh/sshd_config
|
|
|
|
fi
|
|
|
|
|
|
|
|
# LOGIN GRACE TIME
|
|
dialog --yesno "Do you want to set a timeout during authentication?\n\nIt is recommended to configure a timeout." 7 56
|
|
grace_limit=$?
|
|
|
|
|
|
if [ $grace_limit -eq 0 ]; then
|
|
|
|
timelogin=$(dialog --inputbox "Please enter a timeout value (in seconds)\n(example: 60)" 9 50 2>&1 1>/dev/tty)
|
|
|
|
{
|
|
echo "# LOGIN GRACE TIME"
|
|
echo "LoginGraceTime $timelogin"
|
|
echo " "
|
|
} >> /etc/ssh/sshd_config
|
|
|
|
fi
|
|
|
|
|
|
|
|
# MAX AUTHENTICATION TRIES
|
|
dialog --yesno "Do you want to limit the number of authentication attempts?\n\n(recommended)" 7 64
|
|
max_ornot=$?
|
|
|
|
|
|
if [ $max_ornot -eq 0 ]; then
|
|
|
|
maxauth=$(dialog --inputbox "Please enter a maximum number of attempts\n(3 or 4 are usually good values)" 9 47 2>&1 1>/dev/tty)
|
|
|
|
{
|
|
echo "# MAX AUTHENTICATION TRIES"
|
|
echo "MaxAuthTries $maxauth"
|
|
echo " "
|
|
} >> /etc/ssh/sshd_config
|
|
|
|
fi
|
|
|
|
|
|
|
|
# MAX SESSIONS
|
|
dialog --yesno "Do you want to limit the number of simultaneous SSH sessions for each user?\n\n(recommended)" 8 70
|
|
ssh_simul=$?
|
|
|
|
|
|
if [ $ssh_simul -eq 0 ]; then
|
|
|
|
maxsimul=$(dialog --inputbox "Please enter a maximum number of sessions" 8 50 2>&1 1>/dev/tty)
|
|
|
|
{
|
|
echo "# MAX SESSIONS PER USER"
|
|
echo "MaxSessions $maxsimul"
|
|
echo " "
|
|
} >> /etc/ssh/sshd_config
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# AUTOMATIC CLOSING
|
|
dialog --yesno "Do you want to configure automatic closure of inactive sessions?\n\n(recommended)" 7 69
|
|
close_inac=$?
|
|
|
|
if [ $close_inac -eq 0 ]; then
|
|
|
|
dialog --msgbox "The configuration is done in 2 steps\n\nFirst, you need to define the time (in seconds) between the sending of 2 inactivity requests (example 300)\nThen, we define the maximum number of requests sent before automatic session closure (example 3)\n\nTaking these 2 examples, the connection would be terminated after 15 minutes (300*3)" 13 70
|
|
interval=$(dialog --inputbox "Please enter the maximum number of seconds between the sending of 2 inactivity requests (example 300)" 9 60 2>&1 1>/dev/tty)
|
|
nbrequest=$(dialog --inputbox "Please enter the maximum number of requests sent before session closure (example 3)" 9 60 2>&1 1>/dev/tty)
|
|
|
|
{
|
|
echo "# CLOSE INACTIVE SESSIONS"
|
|
echo "ClientAliveInterval $interval"
|
|
echo "ClientAliveCountMax $nbrequest"
|
|
echo " "
|
|
} >> /etc/ssh/sshd_config
|
|
|
|
fi
|
|
|
|
|
|
|
|
# SYSLOG FACILITY
|
|
dialog --yesno "Do you want to set SysLogFacility to AUTH?\n\nThis allows SSH messages to be logged appropriately." 7 60
|
|
facility_ornot=$?
|
|
|
|
if [ $facility_ornot -eq 0 ]; then
|
|
|
|
{
|
|
echo "# SYSLOG FACILITY"
|
|
echo "SyslogFacility AUTH"
|
|
echo " "
|
|
} >> /etc/ssh/sshd_config
|
|
|
|
fi
|
|
|
|
|
|
|
|
# LOG LEVEL
|
|
dialog --yesno "Do you want to set the logging level?" 5 42
|
|
level_ornot=$?
|
|
|
|
if [ $level_ornot -eq 0 ]; then
|
|
|
|
dialog --yesno "Do you want to set it to INFO for normal usage (Yes)\nor\nVERBOSE for more details (No)?" 7 57
|
|
info_verbose=$?
|
|
|
|
if [ $info_verbose -eq 0 ]; then
|
|
|
|
{
|
|
echo "# LOG LEVEL"
|
|
echo "LogLevel INFO"
|
|
echo " "
|
|
} >> /etc/ssh/sshd_config
|
|
|
|
else
|
|
{
|
|
echo "# LOG LEVEL"
|
|
echo "LogLevel VERBOSE"
|
|
echo " "
|
|
} >> /etc/ssh/sshd_config
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# DNS
|
|
dialog --yesno "Do you want to disable DNS resolution?\n\nThis speeds up SSH connections and reduces the possibility of DNS-based attacks." 8 70
|
|
dns_ornot=$?
|
|
|
|
if [ $dns_ornot -eq 0 ]; then
|
|
|
|
{
|
|
echo "# DNS"
|
|
echo "UseDNS no"
|
|
echo " "
|
|
} >> /etc/ssh/sshd_config
|
|
|
|
else
|
|
{
|
|
echo "# DNS"
|
|
echo "UseDNS yes"
|
|
echo " "
|
|
} >> /etc/ssh/sshd_config
|
|
fi
|
|
|
|
|
|
|
|
|
|
# SFTP
|
|
dialog --yesno "Will you be using the SFTP protocol (FTP over SSH) for file exchange via SSH?" 6 66
|
|
sftp_ornot=$?
|
|
|
|
if [ $sftp_ornot -eq 0 ]; then
|
|
|
|
dialog --yesno "Do you want to use /usr/libexex/sftp-server (default choice) (Yes)\nor\ninternal-sftp (No)?" 7 70
|
|
which_sftp=$?
|
|
|
|
if [ $which_sftp -eq 0 ]; then
|
|
{
|
|
echo "# SFTP"
|
|
echo "Subsystem sftp /usr/libexec/sftp-server"
|
|
echo " "
|
|
} >> /etc/ssh/sshd_config
|
|
else
|
|
{
|
|
echo "# SFTP"
|
|
echo "Subsystem sftp internal-sftp"
|
|
echo " "
|
|
} >> /etc/ssh/sshd_config
|
|
fi
|
|
|
|
fi
|
|
|
|
|
|
|
|
# MOTD
|
|
dialog --yesno "Do you want to disable the Message of the Day (Motd)?\n\n(recommended)" 7 58
|
|
motd_ornot=$?
|
|
|
|
if [ $motd_ornot -eq 0 ]; then
|
|
{
|
|
echo "# MOTD"
|
|
echo "PrintMotd no"
|
|
echo " "
|
|
} >> /etc/ssh/sshd_config
|
|
else
|
|
{
|
|
echo "# MOTD"
|
|
echo "PrintMotd yes"
|
|
echo " "
|
|
} >> /etc/ssh/sshd_config
|
|
fi
|
|
|
|
|
|
|
|
|
|
# LAST LOG
|
|
dialog --yesno "Do you want to hide (Yes) or display (No) the message showing the date and time of the last login when a user logs in?\n\n(It is recommended to hide this information)" 8 70
|
|
hidelog_ornot=$?
|
|
|
|
if [ $hidelog_ornot -eq 0 ]; then
|
|
{
|
|
echo "# PRINT LAST LOG"
|
|
echo "PrintLastLog no"
|
|
echo " "
|
|
} >> /etc/ssh/sshd_config
|
|
else
|
|
{
|
|
echo "# PRINT LAST LOG"
|
|
echo "PrintLastLog yes"
|
|
echo " "
|
|
} >> /etc/ssh/sshd_config
|
|
fi
|
|
|
|
# USUAL
|
|
{
|
|
echo "# DISABLE HPN"
|
|
echo "HPNDisabled yes"
|
|
echo " "
|
|
} >> /etc/ssh/sshd_config
|
|
|
|
dialog --msgbox "The configuration is now completed" 5 39
|
|
|
|
else
|
|
|
|
dialog --msgbox "/etc/ssh/sshd_config is going to be opened in a text editor in order to let you configure SSH yourself\n\nDo what you need to do, then Exit and Save without changing the location of the file\n\nYou'll be asked to activate (or not) the configuration at the end" 11 69
|
|
|
|
pico /etc/ssh/sshd_config
|
|
|
|
|
|
# check if Port is commented or not
|
|
check=$(grep Port < /etc/ssh/sshd_config | grep "[0-9]" | grep -o '#' | sort | uniq | wc -l | tr -d ' ')
|
|
|
|
if [ "$check" -eq 0 ]; then
|
|
|
|
# check if Port has been modified
|
|
check2=$(grep -o "Port 22" < /etc/ssh/sshd_config | sort | uniq | wc -l | tr -d ' ')
|
|
if [ ! "$check2" -eq 1 ]; then
|
|
|
|
# check if the NPF firewall has already been configured
|
|
if [ -e /etc/npf.conf ]; then
|
|
|
|
# check if NPF is running
|
|
check=$(npfctl show | grep -o "inactive" | sort | uniq | wc -l | tr -d ' ')
|
|
if [ ! "$check" -eq 1 ]; then
|
|
|
|
dialog --msgbox "The NPF firewall seems to be active\nYou also need to change the SSH port in the rules file to avoid being blocked when SSH is activated.\n\nThe NPF rules file will open\nMake the changes, exit, and save without changing the file location" 11 70
|
|
|
|
pico /etc/npf.conf
|
|
|
|
changePortNPF="1"
|
|
|
|
fi
|
|
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
dialog --yesno "Do you want to (re)start SSH?" 5 33
|
|
activate_ornot=$?
|
|
|
|
if [ $activate_ornot -eq 0 ]; then
|
|
|
|
service sshd restart > /dev/null 2>&1
|
|
|
|
sleep 1
|
|
|
|
check=$(service sshd status | grep -o "sshd is not running." | wc -l | tr -d)
|
|
|
|
if [ "$check" -eq 0 ]; then
|
|
dialog --msgbox "It seems that something went wrong, sshd did not start" 5 59
|
|
|
|
fi
|
|
|
|
if [ "$changePortNPF" -eq 1 ]; then
|
|
|
|
dialog --yesno "You have modified the SSH port, do you want to restart the firewall now?" 6 66
|
|
restart_npf=$?
|
|
|
|
if [ $restart_npf -eq 0 ]; then
|
|
|
|
service npf restart > /dev/null 2>&1
|
|
|
|
fi
|
|
|
|
|
|
fi
|
|
|
|
check=$(service sshd status | grep -o "sshd is running" | wc -l | tr -d ' ')
|
|
|
|
if [ "$check" -eq 1 ]; then
|
|
dialog --msgbox "SSH is running, Congratulations!" 5 36
|
|
fi
|
|
|
|
|
|
fi
|
|
|
|
SecurityMenu
|
|
|
|
}
# checked
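# Format a USB disk as NTFS and optionally mount it under /media/<dkN>.
#
# Flow: install the NTFS tools with pkgin when /usr/pkg/sbin/mkntfs is
# missing; offer the sdN names found in the last 5 dmesg lines; refuse to
# continue when a dkN device reported for the chosen disk is mounted;
# rewrite the GPT with one "windows" partition; run mkntfs on the new dkN
# device; offer to mount it.
#
# Arguments: none
# Globals:   writes TMPFILE, device, getgeom, checkmounted, geom, mount_ornot
#
# NOTE(review): the sd[0-9] and dk[0-9] patterns keep a single digit only, so
# a unit such as dk10 would be read as dk1 -- confirm this is acceptable.
FormatToNTFS () {

    ################################################
    # STAGE 0 : CHECK FOR NECESSARY TOOLS
    {
        if [ ! -e /usr/pkg/sbin/mkntfs ]; then
            checkInternetConnection

            pkgin -y in fuse > /dev/null 2>&1
            echo 20
            pkgin -y in fuse-ntfs > /dev/null 2>&1
            echo 40
            pkgin -y in fuse-ntfs-3g > /dev/null 2>&1
            echo 60
            pkgin -y in libntfs > /dev/null 2>&1
            echo 80
            # The original read "pkgin -y inntfsprogs": the "in" (install)
            # sub-command and the package name had been fused together.
            pkgin -y in ntfsprogs > /dev/null 2>&1
            echo 100
        fi
    } | dialog --gauge "Checking for necessary software..." 6 39

    dialog --msgbox "If you have just inserted the USB device, then you can continue. Otherwise, please unplug it, wait a few seconds, then plug it back in, wait a few seconds, and then continue" 7 70

    ################################################
    # STAGE 1 : DETECTION AND CHOICE OF THE DEVICE

    # Candidate disks are collected in a temporary file, one name per line.
    TMPFILE=$(mktemp)
    dmesg | tail -5 | grep -o "sd[0-9]" | sort | uniq > "$TMPFILE"

    if [ ! -s "$TMPFILE" ]; then
        dialog --msgbox "No USB devices detected" 5 30
        rm -f "$TMPFILE"
        DiskMngmtMenu
        # Without this return the function resumed with an empty list as soon
        # as the menu handed control back.
        return
    fi

    # Build the radiolist entries (tag, label, state) as positional
    # parameters: each value reaches dialog as its own word, no eval needed.
    set --
    while IFS= read -r line; do
        set -- "$@" "$line" "$line" off
    done < "$TMPFILE"

    # dialog prints the selection on stderr; the fd swap captures it.
    device=$(dialog --radiolist "Choose the USB device to format" 0 0 0 "$@" 3>&1 1>&2 2>&3)

    rm -f "$TMPFILE"

    ###################################################################################################################
    # STAGE 2 : CHECK IF THE DEVICE IS ASSOCIATED TO A GEOMETRY AND IF THIS GEOMETRY IS ALREADY MOUNTED ON THE SYSTEM

    if [ -n "$device" ]; then

        # dkN names that dmesg reports on the same lines as the chosen disk.
        getgeom=$(dmesg | tail -10 | grep "${device}" | grep -o "dk[0-9]" | sort | uniq)

        # Check every dkN on its own: a multi-line value used to defeat the
        # single "-eq 1" comparison and let a mounted disk through.
        for each in $getgeom; do
            checkmounted=$(mount | grep -o "/dev/${each}" | sort | uniq | wc -l | tr -d ' ')
            if [ "$checkmounted" -gt 0 ]; then
                dialog --msgbox "The device is mounted, please unmount it first" 5 50
                DiskMngmtMenu
                # Never fall through to the destructive stage below.
                return
            fi
        done

        {
            ###################
            # STAGE 3 : FORMAT

            # Destroy and create a new GPT table
            gpt destroy "$device" > /dev/null 2>&1
            gpt create -f "$device" > /dev/null 2>&1
            echo 10

            # Create a partition of type windows
            gpt add -t windows "$device" > /dev/null 2>&1
            echo 20

            # The operation is repeated a second time to accommodate the
            # transition from MBR to GPT (it is needed sometimes)
            gpt destroy "$device" > /dev/null 2>&1
            gpt create -f "$device" > /dev/null 2>&1
            echo 30

            gpt add -t windows "$device" > /dev/null 2>&1
            echo 40

            # Retrieve the created geometry
            geom=$(dmesg | tail -5 | grep "${device}" | grep -o "dk[0-9]" | sort | uniq | tr -d ' ')

            # Create the filesystem only when a dkN was found; an empty name
            # would hand "/dev/" to mkntfs.
            if [ -n "$geom" ]; then
                mkntfs -f "/dev/$geom" > /dev/null 2>&1
            fi
            echo 100
        } | dialog --gauge "Formatting in progress..." 6 31

        # The block above ran in a pipeline, so geom is looked up again here.
        # It is restricted to the chosen disk, as in the FFS functions, so an
        # unrelated dkN in the last dmesg lines is not picked up.
        geom=$(dmesg | tail -5 | grep "${device}" | grep -o "dk[0-9]" | sort | uniq | tr -d ' ')

        if [ -z "$geom" ]; then
            dialog --msgbox "No partition was detected after formatting" 5 47
            DiskMngmtMenu
            return
        fi

        ##############################################
        # STAGE 4 : MOUNT THE NEWLY CREATED GEOMETRY

        dialog --yesno "Do you want to mount the USB device to /media/$geom?" 5 56
        mount_ornot=$?

        if [ "$mount_ornot" -eq 0 ]; then
            # Create the mount point, then mount NTFS
            mkdir -p /media/"$geom" > /dev/null 2>&1
            env PERFUSE_BUFSIZE=135168 ntfs-3g /dev/"$geom" /media/"$geom" > /dev/null 2>&1

            dialog --msgbox "Don't forget about permissions on /media/$geom" 5 51
        fi

        DiskMngmtMenu
    fi
}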
# checked
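# Format a USB disk as exFAT and optionally mount it under /media/<dkN>.
#
# Flow: install the FUSE/exFAT tools with pkgin when
# /usr/pkg/sbin/mkexfatfs is missing; offer the sdN names found in the last
# 5 dmesg lines; refuse to continue when a dkN device reported for the
# chosen disk is mounted; rewrite the GPT with one "windows" partition; run
# mkexfatfs on the new dkN device; offer to mount it and to hand the mount
# point to a user.
#
# Arguments: none
# Globals:   writes TMPFILE, device, getgeom, checkmounted, geom,
#            mount_ornot, rw_ornot, user
#
# NOTE(review): the sd[0-9] and dk[0-9] patterns keep a single digit only, so
# a unit such as dk10 would be read as dk1 -- confirm this is acceptable.
FormatToEXFAT () {

    ################################################
    # STAGE 0 : CHECK FOR NECESSARY TOOLS
    {
        if [ ! -e /usr/pkg/sbin/mkexfatfs ]; then
            checkInternetConnection

            pkgin -y in fuse > /dev/null 2>&1
            echo 20
            pkgin -y in fuse-ntfs > /dev/null 2>&1
            echo 40
            pkgin -y in fuse-ntfs-3g > /dev/null 2>&1
            echo 60
            pkgin -y in libntfs > /dev/null 2>&1
            echo 70
            # The original omitted the "in" (install) sub-command here, so
            # fuse-exfat was never installed.
            pkgin -y in fuse-exfat > /dev/null 2>&1
            echo 80
            # The original read "pkgin -y inntfsprogs".
            pkgin -y in ntfsprogs > /dev/null 2>&1
            echo 100
        fi
    } | dialog --gauge "Checking for necessary software..." 6 39

    dialog --msgbox "If you have just inserted the USB device, then you can continue. Otherwise, please unplug it, wait a few seconds, then plug it back in, wait a few seconds, and then continue" 7 70

    ################################################
    # STAGE 1 : DETECTION AND CHOICE OF THE DEVICE

    # Candidate disks are collected in a temporary file, one name per line.
    TMPFILE=$(mktemp)
    dmesg | tail -5 | grep -o "sd[0-9]" | sort | uniq > "$TMPFILE"

    if [ ! -s "$TMPFILE" ]; then
        dialog --msgbox "No USB devices detected" 5 30
        rm -f "$TMPFILE"
        DiskMngmtMenu
        # Without this return the function resumed with an empty list as soon
        # as the menu handed control back.
        return
    fi

    # Build the radiolist entries (tag, label, state) as positional
    # parameters: each value reaches dialog as its own word, no eval needed.
    set --
    while IFS= read -r line; do
        set -- "$@" "$line" "$line" off
    done < "$TMPFILE"

    # dialog prints the selection on stderr; the fd swap captures it.
    device=$(dialog --radiolist "Choose the USB device to format" 0 0 0 "$@" 3>&1 1>&2 2>&3)

    rm -f "$TMPFILE"

    ###################################################################################################################
    # STAGE 2 : CHECK IF THE DEVICE IS ASSOCIATED TO A GEOMETRY AND IF THIS GEOMETRY IS ALREADY MOUNTED ON THE SYSTEM

    if [ -n "$device" ]; then

        # dkN names that dmesg reports on the same lines as the chosen disk.
        getgeom=$(dmesg | tail -10 | grep "${device}" | grep -o "dk[0-9]" | sort | uniq)

        # Check every dkN on its own: a multi-line value used to defeat the
        # single "-eq 1" comparison and let a mounted disk through.
        for each in $getgeom; do
            checkmounted=$(mount | grep -o "/dev/${each}" | sort | uniq | wc -l | tr -d ' ')
            if [ "$checkmounted" -gt 0 ]; then
                dialog --msgbox "The device is mounted, please unmount it first" 5 50
                DiskMngmtMenu
                # Never fall through to the destructive stage below.
                return
            fi
        done

        {
            ###################
            # STAGE 3 : FORMAT

            # Destroy and create a new GPT table
            gpt destroy "$device" > /dev/null 2>&1
            gpt create -f "$device" > /dev/null 2>&1
            echo 10

            # Create a partition of type windows
            gpt add -t windows "$device" > /dev/null 2>&1
            echo 20

            # The operation is repeated a second time to accommodate the
            # transition from MBR to GPT (it is needed sometimes)
            gpt destroy "$device" > /dev/null 2>&1
            gpt create -f "$device" > /dev/null 2>&1
            echo 30

            gpt add -t windows "$device" > /dev/null 2>&1
            echo 40

            # Retrieve the created geometry
            geom=$(dmesg | tail -5 | grep "${device}" | grep -o "dk[0-9]" | sort | uniq | tr -d ' ')

            # Create the filesystem only when a dkN was found; an empty name
            # would hand "/dev/" to mkexfatfs.
            if [ -n "$geom" ]; then
                /usr/pkg/sbin/mkexfatfs "/dev/$geom" > /dev/null 2>&1
            fi
            echo 100
        } | dialog --gauge "Formatting in progress..." 6 31

        # The block above ran in a pipeline, so geom is looked up again here.
        # It is restricted to the chosen disk, as in the FFS functions, so an
        # unrelated dkN in the last dmesg lines is not picked up.
        geom=$(dmesg | tail -5 | grep "${device}" | grep -o "dk[0-9]" | sort | uniq | tr -d ' ')

        # An empty geom would turn the recursive chown below into a chown of
        # /media itself.
        if [ -z "$geom" ]; then
            dialog --msgbox "No partition was detected after formatting" 5 47
            DiskMngmtMenu
            return
        fi

        ##############################################
        # STAGE 4 : MOUNT THE NEWLY CREATED GEOMETRY

        dialog --yesno "Do you want to mount the USB device to /media/$geom?" 5 56
        mount_ornot=$?

        if [ "$mount_ornot" -eq 0 ]; then
            # Create the mount point, then mount
            mkdir -p /media/"$geom" > /dev/null 2>&1
            env PERFUSE_BUFSIZE=135168 /usr/pkg/sbin/mount.exfat /dev/"$geom" /media/"$geom" > /dev/null 2>&1

            dialog --yesno "Don't you want to give Read/Write permissions to a user on /media/$geom?" 6 60
            rw_ornot=$?

            if [ "$rw_ornot" -eq 0 ]; then
                user=$(dialog --title "Read/Write Permissions" --inputbox "Please enter the username" 8 40 2>&1 1>/dev/tty)

                # Only act on an existing account; an empty or unknown name
                # falls back to the reminder.
                if [ -n "$user" ] && getent passwd "$user" > /dev/null 2>&1; then
                    /sbin/chown -R "$user" /media/"$geom"
                    # The original chmod had no mode argument and could not
                    # run. u+rwX grants the owner read/write (plus directory
                    # search), which is what the prompt offers.
                    chmod -R u+rwX /media/"$geom"
                else
                    dialog --msgbox "Don't forget about permissions on /media/$geom" 5 51
                fi
            else
                dialog --msgbox "Don't forget about permissions on /media/$geom" 5 51
            fi
        fi

        DiskMngmtMenu
    fi
}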
# checked
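# Format a USB disk as FFSv1 and optionally mount it under /media/<dkN>.
#
# Flow: warn that FFSv1 is outdated and stop unless the operator answers
# Yes; offer the sdN names found in the last 5 dmesg lines; refuse to
# continue when a dkN device reported for the chosen disk is mounted;
# rewrite the GPT with one "ffs" partition; run newfs -O1 on the new dkN
# device; offer to mount it and to hand the mount point to a user.
#
# Arguments: none
# Globals:   writes ffsv1_choix, TMPFILE, device, getgeom, checkmounted,
#            geom, mount_ornot, rw_ornot, user
#
# NOTE(review): the sd[0-9] and dk[0-9] patterns keep a single digit only, so
# a unit such as dk10 would be read as dk1 -- confirm this is acceptable.
FormatToFFSv1 () {

    dialog --yesno "FFSv1 is outdated and does not support storage devices > 1 TB. Do you want to continue?" 6 67
    ffsv1_choix=$?

    # Anything other than Yes aborts. The original only matched status 1 and
    # did not return after the menu, so No (once the menu returned) and Esc
    # both went on to the formatting steps.
    if [ "$ffsv1_choix" -ne 0 ]; then
        DiskMngmtMenu
        return
    fi

    dialog --msgbox "If you have just inserted the USB device, then you can continue. Otherwise, please unplug it, wait a few seconds, then plug it back in, wait a few seconds, and then continue" 7 70

    ################################################
    # STAGE 1 : DETECTION AND CHOICE OF THE DEVICE

    # Candidate disks are collected in a temporary file, one name per line.
    TMPFILE=$(mktemp)
    dmesg | tail -5 | grep -o "sd[0-9]" | sort | uniq > "$TMPFILE"

    if [ ! -s "$TMPFILE" ]; then
        dialog --msgbox "No USB devices detected" 5 30
        rm -f "$TMPFILE"
        DiskMngmtMenu
        # Without this return the function resumed with an empty list as soon
        # as the menu handed control back.
        return
    fi

    # Build the radiolist entries (tag, label, state) as positional
    # parameters: each value reaches dialog as its own word, no eval needed.
    set --
    while IFS= read -r line; do
        set -- "$@" "$line" "$line" off
    done < "$TMPFILE"

    # dialog prints the selection on stderr; the fd swap captures it.
    device=$(dialog --radiolist "Choose the USB device to format" 0 0 0 "$@" 3>&1 1>&2 2>&3)

    rm -f "$TMPFILE"

    ###################################################################################################################
    # STAGE 2 : CHECK IF THE DEVICE IS ASSOCIATED TO A GEOMETRY AND IF THIS GEOMETRY IS ALREADY MOUNTED ON THE SYSTEM

    if [ -n "$device" ]; then

        # dkN names that dmesg reports on the same lines as the chosen disk.
        getgeom=$(dmesg | tail -10 | grep "${device}" | grep -o "dk[0-9]" | sort | uniq)

        # Check every dkN on its own: a multi-line value used to defeat the
        # single "-eq 1" comparison and let a mounted disk through.
        for each in $getgeom; do
            checkmounted=$(mount | grep -o "/dev/${each}" | sort | uniq | wc -l | tr -d ' ')
            if [ "$checkmounted" -gt 0 ]; then
                dialog --msgbox "The device is mounted, please unmount it first" 5 50
                DiskMngmtMenu
                # Never fall through to the destructive stage below.
                return
            fi
        done

        {
            ###################
            # STAGE 3 : FORMAT

            # Destroy and create a new GPT table
            gpt destroy "$device" > /dev/null 2>&1
            gpt create -f "$device" > /dev/null 2>&1
            echo 10

            # Destroy and create a new GPT table again
            gpt destroy "$device" > /dev/null 2>&1
            gpt create -f "$device" > /dev/null 2>&1
            echo 20

            # Create a partition of type FFS
            gpt add -t ffs "$device" > /dev/null 2>&1
            echo 30

            # Retrieve the created geometry
            geom=$(dmesg | tail -5 | grep "${device}" | grep -o "dk[0-9]" | sort | uniq | tr -d ' ')

            # Create the filesystem only when a dkN was found.
            if [ -n "$geom" ]; then
                newfs -O1 "$geom" > /dev/null 2>&1
            fi
            echo 100
        } | dialog --gauge "Formatting in progress..." 6 31

        ##############################################
        # STAGE 4 : MOUNT THE NEWLY CREATED GEOMETRY

        # The block above ran in a pipeline, so geom is looked up again here.
        geom=$(dmesg | tail -5 | grep "${device}" | grep -o "dk[0-9]" | sort | uniq | tr -d ' ')

        # An empty geom would turn the recursive chown below into a chown of
        # /media itself.
        if [ -z "$geom" ]; then
            dialog --msgbox "No partition was detected after formatting" 5 47
            DiskMngmtMenu
            return
        fi

        dialog --yesno "Do you want to mount the USB device to /media/$geom?" 5 56
        mount_ornot=$?

        if [ "$mount_ornot" -eq 0 ]; then
            # Create the mount point
            mkdir -p /media/"$geom" > /dev/null 2>&1

            # Mount
            mount /dev/"$geom" /media/"$geom" > /dev/null 2>&1

            dialog --yesno "Don't you want to give Read/Write permissions to a user on /media/$geom?" 6 60
            rw_ornot=$?

            if [ "$rw_ornot" -eq 0 ]; then
                user=$(dialog --title "Read/Write Permissions" --inputbox "Please enter the username" 8 40 2>&1 1>/dev/tty)

                # Only act on an existing account; an empty or unknown name
                # falls back to the reminder.
                if [ -n "$user" ] && getent passwd "$user" > /dev/null 2>&1; then
                    /sbin/chown -R "$user" /media/"$geom"
                    # The original chmod had no mode argument and could not
                    # run. u+rwX grants the owner read/write (plus directory
                    # search), which is what the prompt offers.
                    chmod -R u+rwX /media/"$geom"
                else
                    dialog --msgbox "Don't forget about permissions on /media/$geom" 5 51
                fi
            else
                dialog --msgbox "Don't forget about permissions on /media/$geom" 5 51
            fi
        fi

        DiskMngmtMenu
    fi
}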
# checked
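# Format a USB disk as FFSv2 and optionally mount it under /media/<dkN>.
#
# Flow: offer the sdN names found in the last 5 dmesg lines; refuse to
# continue when a dkN device reported for the chosen disk is mounted;
# rewrite the GPT with one "ffs" partition; run newfs -O2 on the new dkN
# device; offer to mount it and to hand the mount point to a user.
#
# Arguments: none
# Globals:   writes TMPFILE, device, getgeom, checkmounted, geom,
#            mount_ornot, rw_ornot, user
#
# NOTE(review): the sd[0-9] and dk[0-9] patterns keep a single digit only, so
# a unit such as dk10 would be read as dk1 -- confirm this is acceptable.
FormatToFFSv2 () {

    dialog --msgbox "If you have just inserted the USB device, then you can continue. Otherwise, please unplug it, wait a few seconds, then plug it back in, wait a few seconds, and then continue" 7 70

    ################################################
    # STAGE 1 : DETECTION AND CHOICE OF THE DEVICE

    # Candidate disks are collected in a temporary file, one name per line.
    TMPFILE=$(mktemp)
    dmesg | tail -5 | grep -o "sd[0-9]" | sort | uniq > "$TMPFILE"

    if [ ! -s "$TMPFILE" ]; then
        dialog --msgbox "No USB devices detected" 5 30
        rm -f "$TMPFILE"
        DiskMngmtMenu
        # Without this return the function resumed with an empty list as soon
        # as the menu handed control back.
        return
    fi

    # Build the radiolist entries (tag, label, state) as positional
    # parameters: each value reaches dialog as its own word, no eval needed.
    set --
    while IFS= read -r line; do
        set -- "$@" "$line" "$line" off
    done < "$TMPFILE"

    # dialog prints the selection on stderr; the fd swap captures it.
    device=$(dialog --radiolist "Choose the USB device to format" 0 0 0 "$@" 3>&1 1>&2 2>&3)

    rm -f "$TMPFILE"

    ###################################################################################################################
    # STAGE 2 : CHECK IF THE DEVICE IS ASSOCIATED TO A GEOMETRY AND IF THIS GEOMETRY IS ALREADY MOUNTED ON THE SYSTEM

    if [ -n "$device" ]; then

        # dkN names that dmesg reports on the same lines as the chosen disk.
        getgeom=$(dmesg | tail -10 | grep "${device}" | grep -o "dk[0-9]" | sort | uniq)

        # Check every dkN on its own: a multi-line value used to defeat the
        # single "-eq 1" comparison and let a mounted disk through.
        for each in $getgeom; do
            checkmounted=$(mount | grep -o "/dev/${each}" | sort | uniq | wc -l | tr -d ' ')
            if [ "$checkmounted" -gt 0 ]; then
                dialog --msgbox "The device is mounted, please unmount it first" 5 50
                DiskMngmtMenu
                # Never fall through to the destructive stage below.
                return
            fi
        done

        {
            ###################
            # STAGE 3 : FORMAT

            # Destroy and create a new GPT table
            gpt destroy "$device" > /dev/null 2>&1
            gpt create -f "$device" > /dev/null 2>&1
            echo 10

            # Destroy and create a new GPT table again
            gpt destroy "$device" > /dev/null 2>&1
            gpt create -f "$device" > /dev/null 2>&1
            echo 20

            # Create a partition of type FFS
            gpt add -t ffs "$device" > /dev/null 2>&1
            echo 30

            # Retrieve the created geometry
            geom=$(dmesg | tail -5 | grep "${device}" | grep -o "dk[0-9]" | sort | uniq | tr -d ' ')

            # Create the filesystem only when a dkN was found.
            if [ -n "$geom" ]; then
                newfs -O2 "$geom" > /dev/null 2>&1
            fi
            echo 100
        } | dialog --gauge "Formatting in progress..." 6 30

        ##############################################
        # STAGE 4 : MOUNT THE NEWLY CREATED GEOMETRY

        # The block above ran in a pipeline, so geom is looked up again here.
        geom=$(dmesg | tail -5 | grep "${device}" | grep -o "dk[0-9]" | sort | uniq | tr -d ' ')

        # An empty geom would turn the recursive chown below into a chown of
        # /media itself.
        if [ -z "$geom" ]; then
            dialog --msgbox "No partition was detected after formatting" 5 47
            DiskMngmtMenu
            return
        fi

        dialog --yesno "Do you want to mount the USB device to /media/$geom?" 5 56
        mount_ornot=$?

        if [ "$mount_ornot" -eq 0 ]; then
            # Create the mount point
            mkdir -p /media/"$geom" > /dev/null 2>&1

            # Mount
            mount /dev/"$geom" /media/"$geom" > /dev/null 2>&1

            dialog --yesno "Don't you want to give Read/Write permissions to a user on /media/$geom?" 6 60
            rw_ornot=$?

            if [ "$rw_ornot" -eq 0 ]; then
                user=$(dialog --title "Read/Write Permissions" --inputbox "Please enter the username" 8 40 2>&1 1>/dev/tty)

                # Only act on an existing account; an empty or unknown name
                # falls back to the reminder.
                if [ -n "$user" ] && getent passwd "$user" > /dev/null 2>&1; then
                    /sbin/chown -R "$user" /media/"$geom"
                    # The original chmod had no mode argument and could not
                    # run. u+rwX grants the owner read/write (plus directory
                    # search), which is what the prompt offers.
                    chmod -R u+rwX /media/"$geom"
                else
                    dialog --msgbox "Don't forget about permissions on /media/$geom" 5 51
                fi
            else
                dialog --msgbox "Don't forget about permissions on /media/$geom" 5 51
            fi
        fi

        DiskMngmtMenu
    fi
}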
# checked
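# Mount a freshly plugged USB device under /media/<dkN> and optionally hand
# the mount point to a user.
#
# When the last 5 dmesg lines mention "ntfs", the dkN named on those lines
# is mounted with ntfs-3g, falling back to mount.exfat if that fails (the
# original comments label the two commands "if NTFS" / "if ExFAT").
# Otherwise the dkN named in the last 10 dmesg lines is mounted with
# mount(8). Every failure path returns to DiskMngmtMenu without touching
# permissions.
#
# Arguments: none
# Globals:   writes count, device, dkX, checkmounted, rw_ornot, user
#            (device and dkX always hold the same dkN name once one is found)
mountUSB () {

    dialog --msgbox "If you have just inserted the USB device, then you can continue. Otherwise, please unplug it, wait a few seconds, then plug it back in, wait a few seconds, and then continue" 7 70

    count=$(dmesg | tail -5 | grep -o ntfs | wc -l | tr -d " ")

    if [ "$count" -gt 0 ]; then

        device=$(dmesg | tail -5 | grep "ntfs" | grep -o "dk[0-9]" | sort | uniq)
        # The messages and the chown below read dkX, which this branch never
        # set in the original; keep both names in step.
        dkX=$device

        if [ -z "$device" ]; then
            dialog --msgbox "No NTFS-associated device dkX found." 5 40
            DiskMngmtMenu
            # Stop here: with an empty name the recursive chown further down
            # would have targeted /media itself.
            return
        fi

        checkmounted=$(mount | grep -o "/dev/$device" | sort | uniq | wc -l | tr -d ' ')

        if [ "$checkmounted" -eq 1 ]; then
            dialog --msgbox "Device already mounted on /dev/$dkX" 5 41
        else
            mkdir -p /media/"$device" > /dev/null 2>&1
            # Try NTFS first and exFAT only if that fails; the original ran
            # both mount commands unconditionally on the same mount point.
            if ! env PERFUSE_BUFSIZE=135168 ntfs-3g /dev/"$device" /media/"$device"; then
                env PERFUSE_BUFSIZE=135168 /usr/pkg/sbin/mount.exfat /dev/"$device" /media/"$device"
            fi
        fi

    else

        # sort | uniq collapses repeated mentions of the same dkN.
        dkX=$(dmesg | tail -10 | grep -o "dk[0-9]" | sort | uniq)
        device=$dkX

        if [ -z "$dkX" ]; then
            dialog --msgbox "Device not detected" 5 23
            DiskMngmtMenu
            return
        fi

        checkmounted=$(mount | grep -o "/dev/$dkX" | sort | uniq | wc -l | tr -d ' ')

        if [ "$checkmounted" -eq 1 ]; then
            dialog --msgbox "Device already mounted on /dev/$dkX" 5 41
            DiskMngmtMenu
            return
        fi

        mkdir -p /media/"$dkX" > /dev/null 2>&1
        mount /dev/"$dkX" /media/"$dkX"

    fi

    dialog --yesno "Don't you want to give Read/Write permissions to a user on /media/$device?" 6 60
    rw_ornot=$?

    if [ "$rw_ornot" -eq 0 ]; then

        user=$(dialog --title "Read/Write Permissions" --inputbox "Please enter the username" 8 40 2>&1 1>/dev/tty)

        # Only act on an existing account; an empty or unknown name falls
        # back to the reminder.
        if [ -n "$user" ] && getent passwd "$user" > /dev/null 2>&1; then
            /sbin/chown -R "$user" /media/"$dkX"
            # The original chmod had no mode argument and could not run.
            # u+rwX grants the owner read/write (plus directory search),
            # which is what the prompt offers.
            chmod -R u+rwX /media/"$dkX"
        else
            dialog --msgbox "Don't forget about permissions on /media/$dkX" 5 51
        fi

    else

        dialog --msgbox "Don't forget about permissions on /media/$dkX" 5 51

    fi

    DiskMngmtMenu
}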
# checked
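# Let the operator pick one of the dkN devices that mount(8) lists on a
# "media" path and force-unmount /media/<dkN>, then return to the disk
# management menu.
#
# Arguments: none
# Globals:   writes TMPFILE, device
umountUSB () {

    # Mounted candidates are collected in a temporary file, one per line.
    TMPFILE=$(mktemp)
    mount | grep media | grep -o "dk[0-9]" | sort | uniq > "$TMPFILE"

    if [ ! -s "$TMPFILE" ]; then
        dialog --msgbox "No mounted USB devices detected" 5 35
        rm -f "$TMPFILE"
        DiskMngmtMenu
        return
    fi

    # Build the radiolist entries (tag, label, state) as positional
    # parameters: each value reaches dialog as its own word, no eval needed.
    set --
    while IFS= read -r line; do
        set -- "$@" "$line" "$line" off
    done < "$TMPFILE"

    # dialog prints the selection on stderr; the fd swap captures it.
    device=$(dialog --radiolist "Choose the USB device to unmount" 0 0 0 "$@" 3>&1 1>&2 2>&3)

    rm -f "$TMPFILE"

    # Unmount the selected device; nothing is done when the list was cancelled.
    if [ -n "$device" ]; then
        umount -f "/media/$device" || dialog --msgbox "Error unmounting /media/$device" 5 33
    fi

    # Return to disk management menu
    DiskMngmtMenu
}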
# checked
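# Write an .iso image onto a USB disk with dd.
#
# Flow: stop if any dkN that the last 10 dmesg lines associate with an sdN
# disk is mounted; offer the sdN names listed by "sysctl hw.disknames"; ask
# for the path of the image; write it to /dev/<sdN>. The write overwrites
# the target, so every refusal path returns before dd is reached.
#
# Arguments: none
# Globals:   writes seekdkX, checkmounted, TMPFILE, device, isoFile
BurnISOtoUSB () {

    dialog --msgbox "If you have just inserted the USB device, then you can continue. Otherwise, please unplug it, wait a few seconds, then plug it back in, wait a few seconds, and then continue" 7 70

    # Verifications
    seekdkX=$(dmesg | tail -10 | grep "sd[0-9]" | grep -o "dk[0-9]" | sort | uniq)

    for each in $seekdkX; do
        checkmounted=$(mount | grep -o "/dev/$each" | sort | uniq | wc -l | tr -d ' ')

        if [ "$checkmounted" -eq 1 ]; then
            dialog --msgbox "The device is mounted, please unmount it first" 5 50
            DiskMngmtMenu
            # Without this return the loop resumed and the image could still
            # be written to a mounted disk once the menu handed control back.
            return
        fi
    done

    # Candidate disks are collected in a temporary file, one name per line.
    TMPFILE=$(mktemp)
    sysctl hw.disknames | grep -o "sd[0-9]" | sort | uniq > "$TMPFILE"

    if [ ! -s "$TMPFILE" ]; then
        dialog --msgbox "No USB devices detected" 5 32
        rm -f "$TMPFILE"
        DiskMngmtMenu
        return
    fi

    # Build the radiolist entries (tag, label, state) as positional
    # parameters: each value reaches dialog as its own word, no eval needed.
    set --
    while IFS= read -r line; do
        set -- "$@" "$line" "$line" off
    done < "$TMPFILE"

    # dialog prints the selection on stderr; the fd swap captures it.
    device=$(dialog --radiolist "Choose the USB device to burn ISO" 0 0 0 "$@" 3>&1 1>&2 2>&3)

    rm -f "$TMPFILE"

    # Burn the .iso image
    if [ -n "$device" ]; then

        isoFile=$(dialog --title "ISO file" --inputbox "Please enter the absolute path of your .iso file" 9 54 2>&1 1>/dev/tty)

        # Refuse an empty answer (cancelled prompt) or a path that is not a
        # regular file instead of handing it to dd.
        if [ -f "$isoFile" ]; then
            {
                dd if="$isoFile" of=/dev/"$device" bs=8m msgfmt=human
            } | dialog --gauge "Writing in progress..." 6 26
        else
            dialog --msgbox "ISO file not found" 5 22
        fi

    fi

    # Return to disk management menu
    DiskMngmtMenu
}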
# checked
BurnISOtoCD () {
|
|
|
|
checkInternetConnection
|
|
|
|
{
|
|
|
|
pkgin -y in cdrtools > /dev/null 2>&1
|
|
|
|
echo 100
|
|
|
|
} | dialog --gauge "Checking for necessary software..." 6 39
|
|
|
|
|
|
# Create a temporary file
|
|
TMPFILE=$(mktemp)
|
|
|
|
# Generate the list of devices
|
|
# grep -v "*" is not a glob ! It's necessary to keep only the bus actually connected
|
|
cdrecord --scanbus | grep "[0-9],[0-9],[0-9]" | sed "/\*/d" | grep -o "[0-9],[0-9],[0-9]" | sort | uniq > "$TMPFILE"
|
|
|
|
# Check if the list is empty
|
|
if [ ! -s "$TMPFILE" ]; then
|
|
dialog --msgbox "No burner detected..." 5 32
|
|
rm -f "$TMPFILE"
|
|
DiskMngmtMenu
|
|
fi
|
|
|
|
# Read the temporary file and construct the option for dialog
|
|
devices=""
|
|
while IFS= read -r line; do
|
|
devices="$devices $line \"$line\" off"
|
|
done < "$TMPFILE"
|
|
|
|
# Use dialog to display the list of devices
|
|
device=$(eval "dialog --radiolist \"Choose the burner\" 0 0 0 $devices 3>&1 1>&2 2>&3")
|
|
|
|
# Clean up and remove the temporary file
|
|
rm -f " |