Commit Diff


commit - a24278572f987c848dd4dac094e80008a84ac37f
commit + 22278c7a3ec42075f3bb8a2270ac8024eb074455
blob - 45b22b89d89978726d421226ddaa02da6a3791a0 (mode 644)
blob + /dev/null
--- nsh-scripts/bin/enable-sshd.nshrc
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/usr/local/bin/nsh -
-enable
-sshd enable
-write memory
-quit 
blob - 972f5213948334b4b2b22d29f398dccc8b606627 (mode 644)
blob + /dev/null
--- nsh-scripts/bin/initial-config.nshrc
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/usr/local/bin/nsh -
-enable
-pf enable
-sshd enable
-write-config
blob - de25a27d1617554f64500ae0ca119cf95cc122f9 (mode 644)
blob + /dev/null
--- nsh-scripts/bin/mg-env-settings
+++ /dev/null
@@ -1 +0,0 @@
-VISUAL=/usr/bin/mg; export VISUAL; EDITOR=/usr/bin/mg; export EDITOR
blob - b30fd80eb373ca572a4947d40542ebcd446f74d8 (mode 644)
blob + /dev/null
--- nsh-scripts/bin/nsh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/ksh
-#
-# $OpenBSD: nsh,v 1.0  2022/04/07 01:41:16 cappuccio Exp $
-
-daemon="/usr/local/bin/nsh"
-daemon_flags=" -v -i /etc/nshrc | tee -a /var/log/nsh.log"
-
-rc_reload=NO
-
-. /etc/rc.d/rc.subr
-
-rc_cmd $1
blob - 11dfa2566b90c140770a2454e4acacf992d39a9e (mode 644)
blob + /dev/null
--- nsh-scripts/bin/nsh-openbsd-integration.sh
+++ /dev/null
@@ -1,282 +0,0 @@
-#!/bin/sh -
-
-dflt='No'
-
-#check if user is root
-if [ $(id -u) != 0 ];
-then
-	echo "Must be run as root"
-	exit
-else
-	#ask user do they want to continue
-	#default is No
-	echo "This script is built to suit a typical network configuration setup"
-	echo "If you have an unusual config, it is not recommended to run"
-	read input?"Do you want to continue? (Yes/No) [${dflt}] "
-
-	if [ -z "${input}" ]; then input="${dflt}"; fi
-	if [ "${input}" = 'Yes' ] || [ "${input}" = 'yes' ];
-	then
-		test -f /var/nsh/backup/pre-nsh-config && echo pre-nsh-config exists already && exit
-		test -f /etc/nshrc && echo etc-nshrc exists already && exit
-		 
-		mkdir -p /var/nsh/backup/pre-nsh-config
-		
-		#remove world permissions from created directories
-		chmod -R 750 /var/nsh
-		chown -R root /var/nsh
-		chgrp -R wheel /var/nsh 
-		#chmod 750 /var/nsh/backup
-		#chmod 750 /var/nsh/backup/pre-nsh-config
-		 
-		#checks if file exists
-		#makes a copy and moves conf file
-		#secures file
-		pf='/etc/pf.conf'
-		if [ -f $pf ]; then
-			cp /etc/pf.conf /var/nsh/backup/pre-nsh-config/
-			mv /etc/pf.conf /var/run/pf.conf.0
-			chown root /var/run/pf.conf.0
-			chgrp wheel /var/run/pf.conf.0
-			chmod 660 /var/run/pf.conf.0
-		else
-			echo etc-pf does not exist, not importing!
-		fi
-
-		ipsec='/etc/ipsec.conf'
-		if [ -f $ipsec ]; then
-			cp /etc/ipsec.conf /var/nsh/backup/pre-nsh-config/
-			mv /etc/ipsec.conf /var/run/ipsec.conf.0
-			chown root /var/run/ipsec.conf.0
-			chgrp wheel /var/run/ipsec.conf.0
-			chmod 660 /var/run/ipsec.conf.0
-		else
-			echo etc-ipsec does not exist, not importing!
-		fi
-		 
-		bgpd='/etc/bgpd.conf'
-		if [ -f $bgpd ]; then
-			cp /etc/bgpd.conf /var/nsh/backup/pre-nsh-config/
-			mv /etc/bgpd.conf /var/run/bgpd.conf.0
-			chown root /var/run/bgpd.conf.0
-			chgrp wheel /var/run/bgpd.conf.0
-			chmod 660 /var/run/bgpd.conf.0
-		else
-			echo etc-bgpd does not exist, not importing!
-		fi
-		 
-		ospfd='/etc/ospfd.conf'
-		if [ -f $ospfd ]; then
-			cp /etc/ospfd.conf /var/nsh/backup/pre-nsh-config/
-			mv /etc/ospfd.conf /var/run/ospfd.conf.0
-			chown root /var/run/ospfd.conf.0
-			chgrp wheel /var/run/ospfd.conf.0
-			chmod 660 /var/run/ospfd.conf.0
-		else
-			echo etc-ospfd does not exist, not importing!
-		fi
-		 
-		 
-		ospf6d='/etc/ospf6d.conf'
-		if [ -f $ospf6d ]; then
-			cp /etc/ospf6d.conf /var/nsh/backup/pre-nsh-config/
-			mv /etc/ospf6d.conf /var/run/ospf6d.conf.0
-			chown root /var/run/ospf6d.conf.0
-			chgrp wheel /var/run/ospf6d.conf.0
-			chmod 660 /var/run/ospf6d.conf.0
-		else
-			echo etc-ospf6d does not exist, not importing!
-			
-		fi
-		dhcpd='/etc/dhcpd.conf'
-		if [ -f $dhcpd ]; then
-			cp /etc/dhcpd.conf /var/nsh/backup/pre-nsh-config/
-			mv /etc/dhcpd.conf /var/run/dhcpd.conf.0
-			chown root /var/run/dhcpd.conf.0
-			chgrp wheel /var/run/dhcpd.conf.0
-			chmod 660 /var/run/dhcpd.conf.0
-		else
-			echo etc-dhcpd does not exist, not importing!
-		fi
-		
-		ntpd='/etc/ntpd.conf'
-		if [ -f $ntpd ]; then
-			cp /etc/ntpd.conf /var/nsh/backup/pre-nsh-config/
-			mv /etc/ntpd.conf /var/run/ntpd.conf.0
-			chown root /var/run/ntpd.conf.0
-			chgrp wheel /var/run/ntpd.conf.0
-			chmod 660 /var/run/ntpd.conf.0
-		else
-			echo etc-ntpd does not exist, not importing!
-		fi
-		 
-		sshd_config='/etc/ssh/sshd_config'
-		if [ -f $sshd_config ]; then
-			cp /etc/ssh/sshd_config /var/nsh/backup/pre-nsh-config/
-			mv /etc/ssh/sshd_config /var/run/sshd.conf.0
-			chown root /var/run/sshd.conf.0
-			chgrp wheel /var/run/sshd.conf.0
-			chmod 660 /var/run/sshd.conf.0
-		else
-			echo etc-ssh_config does not exist, not importing!
-		fi
-
-		eigrpd='/etc/eigrpd.conf'
-		if [ -f $eigrpd ]; then
-			cp /etc/eigrpd.conf /var/nsh/backup/pre-nsh-config/
-			mv /etc/eigrpd.conf /var/run/eigrpd.conf.0
-			chown root /var/run/eigrpd.conf.0
-			chgrp wheel /var/run/eigrpd.conf.0
-			chmod 660 /var/run/eigrpd.conf.0
-		else
-			echo etc-eigrpd does not exist, not importing!
-		fi
-
-		relayd='/etc/relayd.conf'
-		if [ -f $relayd ]; then
-			cp /etc/relayd.conf /var/nsh/backup/pre-nsh-config/
-			mv /etc/relayd.conf /var/run/relayd.conf.0
-			chown root /var/run/relayd.conf.0
-			chgrp wheel /var/run/relayd.conf.0
-			chmod 660 /var/run/relayd.conf.0
-		else
-			echo etc-relayd does not exist, not importing!
-		fi
-
-		ripd='/etc/ripd.conf'
-		if [ -f $ripd ]; then
-			cp /etc/ripd.conf /var/nsh/backup/pre-nsh-config/
-			mv /etc/ripd.conf /var/run/ripd.conf.0
-			chown root /var/run/ripd.conf.0
-			chgrp wheel /var/run/ripd.conf.0
-			chmod 660 /var/run/ripd.conf.0
-		else
-			echo etc-ripd does not exist, not importing!
-		fi
-		 
-		ldpd='/etc/ldpd.conf'
-		if [ -f $ldpd ]; then
-			cp /etc/ldpd.conf /var/nsh/backup/pre-nsh-config/
-			mv /etc/ldpd.conf /var/run/ldpd.conf.0
-			chown root /var/run/ldpd.conf.0
-			chgrp wheel /var/run/ldpd.conf.0
-			chmod 660 /var/run/ldpd.conf.0
-		else
-			echo etc-ldpd does not exist, not importing!
-		fi
-		 
-		iked='/etc/iked.conf'
-		if [ -f $iked ]; then
-			cp /etc/iked.conf /var/nsh/backup/pre-nsh-config/
-			mv /etc/iked.conf /var/run/iked.conf.0
-			chown root /var/run/iked.conf.0
-			chgrp wheel /var/run/iked.conf.0
-			chmod 660 /var/run/iked.conf.0
-		else
-			echo etc-iked does not exist, not importing!
-		fi
-
-		snmpd='/etc/snmpd.conf'
-		if [ -f $snmpd ]; then
-			cp /etc/snmpd.conf /var/nsh/backup/pre-nsh-config/
-			mv /etc/snmpd.conf /var/run/snmpd.conf.0
-			chown root /var/run/snmpd.conf.0
-			chgrp wheel /var/run/snmpd.conf.0
-			chmod 660 /var/run/snmpd.conf.0
-		else
-			echo etc-snmpd does not exist, not importing!
-		fi
-		 
-		ldapd='/etc/ldapd.conf'
-		if [ -f $ldapd ]; then
-			cp /etc/ldapd.conf /var/nsh/backup/pre-nsh-config/
-			mv /etc/ldapd.conf /var/run/ldapd.conf.0
-			chown root /var/run/ldapd.conf.0
-			chgrp wheel /var/run/ldapd.conf.0
-			chmod 660 /var/run/ldapd.conf.0
-		else
-			echo etc-ldapd does not exist, not importing!
-		fi
-
-		resolv='/etc/resolv.conf'
-		if [ -f $resolv ]; then
-			cp /etc/resolv.conf /var/nsh/backup/pre-nsh-config/
-			
-		else
-			echo etc-resolv does not exist, not backing up!
-		fi
-
-		motd='/etc/motd'
-		if [ -f $motd ]; then
-			cp /etc/motd /var/nsh/backup/pre-nsh-config/
-			mv /etc/motd /var/run/motd.0
-			sed -i 's/Welcome to OpenBSD/OpenBSD/g' /var/run/motd.0
-			ln -s /var/run/motd.0 /etc/motd
-			chown root /var/run/motd.0
-			chgrp wheel /var/run/motd.0
-			chmod 660 /var/run/motd.0
-		else 
-			echo etc-motd does not exist, not importing!
-		fi
-		
-		smtpd='/etc/mail/smtpd.conf'
-		if [ -f $smtpd ]; then
-			cp /etc/mail/smtpd.conf /var/nsh/backup/pre-nsh-config/
-			mv /etc/mail/smtpd.conf /var/run/smtpd.conf.0
-			chown root /var/run/smtpd.conf.0
-			chgrp wheel /var/run/smtpd.conf.0
-			chmod 660 /var/run/smtpd.conf.0
-		else 
-			echo etc-smtpd does not exist, not importing!
-		fi
-		
-		dvmrpd='/etc/dvmrpd.conf'
-		if [ -f $dvmrpd ]; then
-			cp /etc/dvmrpd.conf /var/nsh/backup/pre-nsh-config/
-			mv /etc/dvmrpd.conf /var/run/dvmrpd.conf.0
-			chown root /var/run/dvmrpd.conf.0
-			chgrp wheel /var/run/dvmrpd.conf.0
-			chmod 660 /var/run/dvmrpd.conf.0
-		else 
-			echo etc-dvmrpd does not exist, not importing!
-		fi
-		
-		sasync='/etc/sasync.conf'
-		if [ -f $sasync ]; then
-			cp /etc/sasync.conf /var/nsh/backup/pre-nsh-config/
-			mv /etc/sasync.conf /var/run/sasync.conf.0
-			chown root /var/run/sasync.conf.0
-			chgrp wheel /var/run/sasync.conf.0
-			chmod 660 /var/run/sasync.conf.0
-		else 
-			echo etc-sasyncd does not exist, not importing!
-		fi
-		
-		#setup and secure nshlog 
-		touch /var/log/nsh.log
-		chown root /var/log/nsh.log
-		chgrp wheel /var/log/nsh.log
-		chmod 660 /var/log/nsh.log
-		#import running Openbsd kernel configuration
-		/usr/local/bin/nsh -c ./write-config.nshrc
-		#secure nshrc config file 
-		chmod 660 /etc/nshrc
-		#Remove any networking config from /etc/ that conflicts with nsh
-		mv /etc/hostname.* /var/nsh/backup/pre-nsh-config/
-		mv /etc/mygate /var/nsh/backup/pre-nsh-config/
-		#can we import rc.conf.local to nsh config
-		mv /etc/rc.conf.local /var/nsh/backup/pre-nsh-config/
-		cp nsh /etc/rc.d/
-		chmod 555 /etc/rc.d/nsh
-		#enable nsh 
-		rcctl enable nsh
-		#disable services now managed by nsh 
-		rcctl disable ntpd
-		rcctl disable smtpd
-		rcctl disable sshd
-		echo reboot device for nsh configuration to take effect
-		/usr/local/bin/nsh -c ./enable-sshd.nshrc
-	else
-		exit
-	fi
-fi
blob - 9048768cae24c3d67326470392210a2e5703493a (mode 644)
blob + /dev/null
--- nsh-scripts/bin/write-config.nshrc
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/usr/local/bin/nsh
-enable
-write-config
blob - /dev/null
blob + 45b22b89d89978726d421226ddaa02da6a3791a0 (mode 644)
--- /dev/null
+++ scripts/nshrc/enable-sshd.nshrc
@@ -0,0 +1,5 @@
+#!/usr/local/bin/nsh -
+enable
+sshd enable
+write memory
+quit 
blob - /dev/null
blob + 972f5213948334b4b2b22d29f398dccc8b606627 (mode 644)
--- /dev/null
+++ scripts/nshrc/initial-config.nshrc
@@ -0,0 +1,5 @@
+#!/usr/local/bin/nsh -
+enable
+pf enable
+sshd enable
+write-config
blob - /dev/null
blob + de25a27d1617554f64500ae0ca119cf95cc122f9 (mode 644)
--- /dev/null
+++ scripts/nshrc/mg-env-settings
@@ -0,0 +1 @@
+VISUAL=/usr/bin/mg; export VISUAL; EDITOR=/usr/bin/mg; export EDITOR
blob - /dev/null
blob + b30fd80eb373ca572a4947d40542ebcd446f74d8 (mode 644)
--- /dev/null
+++ scripts/nshrc/nsh
@@ -0,0 +1,12 @@
+#!/bin/ksh
+#
+# $OpenBSD: nsh,v 1.0  2022/04/07 01:41:16 cappuccio Exp $
+
+daemon="/usr/local/bin/nsh"
+daemon_flags=" -v -i /etc/nshrc | tee -a /var/log/nsh.log"
+
+rc_reload=NO
+
+. /etc/rc.d/rc.subr
+
+rc_cmd $1
blob - /dev/null
blob + 9048768cae24c3d67326470392210a2e5703493a (mode 644)
--- /dev/null
+++ scripts/nshrc/write-config.nshrc
@@ -0,0 +1,3 @@
+#!/usr/local/bin/nsh
+enable
+write-config
blob - /dev/null
blob + 11dfa2566b90c140770a2454e4acacf992d39a9e (mode 644)
--- /dev/null
+++ scripts/shell/nsh-openbsd-integration.sh
@@ -0,0 +1,282 @@
+#!/bin/sh -
+
+dflt='No'
+
+#check if user is root
+if [ $(id -u) != 0 ];
+then
+	echo "Must be run as root"
+	exit
+else
+	#ask user do they want to continue
+	#default is No
+	echo "This script is built to suit a typical network configuration setup"
+	echo "If you have an unusual config, it is not recommended to run"
+	read input?"Do you want to continue? (Yes/No) [${dflt}] "
+
+	if [ -z "${input}" ]; then input="${dflt}"; fi
+	if [ "${input}" = 'Yes' ] || [ "${input}" = 'yes' ];
+	then
+		test -f /var/nsh/backup/pre-nsh-config && echo pre-nsh-config exists already && exit
+		test -f /etc/nshrc && echo etc-nshrc exists already && exit
+		 
+		mkdir -p /var/nsh/backup/pre-nsh-config
+		
+		#remove world permissions from created directories
+		chmod -R 750 /var/nsh
+		chown -R root /var/nsh
+		chgrp -R wheel /var/nsh 
+		#chmod 750 /var/nsh/backup
+		#chmod 750 /var/nsh/backup/pre-nsh-config
+		 
+		#checks if file exists
+		#makes a copy and moves conf file
+		#secures file
+		pf='/etc/pf.conf'
+		if [ -f $pf ]; then
+			cp /etc/pf.conf /var/nsh/backup/pre-nsh-config/
+			mv /etc/pf.conf /var/run/pf.conf.0
+			chown root /var/run/pf.conf.0
+			chgrp wheel /var/run/pf.conf.0
+			chmod 660 /var/run/pf.conf.0
+		else
+			echo etc-pf does not exist, not importing!
+		fi
+
+		ipsec='/etc/ipsec.conf'
+		if [ -f $ipsec ]; then
+			cp /etc/ipsec.conf /var/nsh/backup/pre-nsh-config/
+			mv /etc/ipsec.conf /var/run/ipsec.conf.0
+			chown root /var/run/ipsec.conf.0
+			chgrp wheel /var/run/ipsec.conf.0
+			chmod 660 /var/run/ipsec.conf.0
+		else
+			echo etc-ipsec does not exist, not importing!
+		fi
+		 
+		bgpd='/etc/bgpd.conf'
+		if [ -f $bgpd ]; then
+			cp /etc/bgpd.conf /var/nsh/backup/pre-nsh-config/
+			mv /etc/bgpd.conf /var/run/bgpd.conf.0
+			chown root /var/run/bgpd.conf.0
+			chgrp wheel /var/run/bgpd.conf.0
+			chmod 660 /var/run/bgpd.conf.0
+		else
+			echo etc-bgpd does not exist, not importing!
+		fi
+		 
+		ospfd='/etc/ospfd.conf'
+		if [ -f $ospfd ]; then
+			cp /etc/ospfd.conf /var/nsh/backup/pre-nsh-config/
+			mv /etc/ospfd.conf /var/run/ospfd.conf.0
+			chown root /var/run/ospfd.conf.0
+			chgrp wheel /var/run/ospfd.conf.0
+			chmod 660 /var/run/ospfd.conf.0
+		else
+			echo etc-ospfd does not exist, not importing!
+		fi
+		 
+		 
+		ospf6d='/etc/ospf6d.conf'
+		if [ -f $ospf6d ]; then
+			cp /etc/ospf6d.conf /var/nsh/backup/pre-nsh-config/
+			mv /etc/ospf6d.conf /var/run/ospf6d.conf.0
+			chown root /var/run/ospf6d.conf.0
+			chgrp wheel /var/run/ospf6d.conf.0
+			chmod 660 /var/run/ospf6d.conf.0
+		else
+			echo etc-ospf6d does not exist, not importing!
+			
+		fi
+		dhcpd='/etc/dhcpd.conf'
+		if [ -f $dhcpd ]; then
+			cp /etc/dhcpd.conf /var/nsh/backup/pre-nsh-config/
+			mv /etc/dhcpd.conf /var/run/dhcpd.conf.0
+			chown root /var/run/dhcpd.conf.0
+			chgrp wheel /var/run/dhcpd.conf.0
+			chmod 660 /var/run/dhcpd.conf.0
+		else
+			echo etc-dhcpd does not exist, not importing!
+		fi
+		
+		ntpd='/etc/ntpd.conf'
+		if [ -f $ntpd ]; then
+			cp /etc/ntpd.conf /var/nsh/backup/pre-nsh-config/
+			mv /etc/ntpd.conf /var/run/ntpd.conf.0
+			chown root /var/run/ntpd.conf.0
+			chgrp wheel /var/run/ntpd.conf.0
+			chmod 660 /var/run/ntpd.conf.0
+		else
+			echo etc-ntpd does not exist, not importing!
+		fi
+		 
+		sshd_config='/etc/ssh/sshd_config'
+		if [ -f $sshd_config ]; then
+			cp /etc/ssh/sshd_config /var/nsh/backup/pre-nsh-config/
+			mv /etc/ssh/sshd_config /var/run/sshd.conf.0
+			chown root /var/run/sshd.conf.0
+			chgrp wheel /var/run/sshd.conf.0
+			chmod 660 /var/run/sshd.conf.0
+		else
+			echo etc-ssh_config does not exist, not importing!
+		fi
+
+		eigrpd='/etc/eigrpd.conf'
+		if [ -f $eigrpd ]; then
+			cp /etc/eigrpd.conf /var/nsh/backup/pre-nsh-config/
+			mv /etc/eigrpd.conf /var/run/eigrpd.conf.0
+			chown root /var/run/eigrpd.conf.0
+			chgrp wheel /var/run/eigrpd.conf.0
+			chmod 660 /var/run/eigrpd.conf.0
+		else
+			echo etc-eigrpd does not exist, not importing!
+		fi
+
+		relayd='/etc/relayd.conf'
+		if [ -f $relayd ]; then
+			cp /etc/relayd.conf /var/nsh/backup/pre-nsh-config/
+			mv /etc/relayd.conf /var/run/relayd.conf.0
+			chown root /var/run/relayd.conf.0
+			chgrp wheel /var/run/relayd.conf.0
+			chmod 660 /var/run/relayd.conf.0
+		else
+			echo etc-relayd does not exist, not importing!
+		fi
+
+		ripd='/etc/ripd.conf'
+		if [ -f $ripd ]; then
+			cp /etc/ripd.conf /var/nsh/backup/pre-nsh-config/
+			mv /etc/ripd.conf /var/run/ripd.conf.0
+			chown root /var/run/ripd.conf.0
+			chgrp wheel /var/run/ripd.conf.0
+			chmod 660 /var/run/ripd.conf.0
+		else
+			echo etc-ripd does not exist, not importing!
+		fi
+		 
+		ldpd='/etc/ldpd.conf'
+		if [ -f $ldpd ]; then
+			cp /etc/ldpd.conf /var/nsh/backup/pre-nsh-config/
+			mv /etc/ldpd.conf /var/run/ldpd.conf.0
+			chown root /var/run/ldpd.conf.0
+			chgrp wheel /var/run/ldpd.conf.0
+			chmod 660 /var/run/ldpd.conf.0
+		else
+			echo etc-ldpd does not exist, not importing!
+		fi
+		 
+		iked='/etc/iked.conf'
+		if [ -f $iked ]; then
+			cp /etc/iked.conf /var/nsh/backup/pre-nsh-config/
+			mv /etc/iked.conf /var/run/iked.conf.0
+			chown root /var/run/iked.conf.0
+			chgrp wheel /var/run/iked.conf.0
+			chmod 660 /var/run/iked.conf.0
+		else
+			echo etc-iked does not exist, not importing!
+		fi
+
+		snmpd='/etc/snmpd.conf'
+		if [ -f $snmpd ]; then
+			cp /etc/snmpd.conf /var/nsh/backup/pre-nsh-config/
+			mv /etc/snmpd.conf /var/run/snmpd.conf.0
+			chown root /var/run/snmpd.conf.0
+			chgrp wheel /var/run/snmpd.conf.0
+			chmod 660 /var/run/snmpd.conf.0
+		else
+			echo etc-snmpd does not exist, not importing!
+		fi
+		 
+		ldapd='/etc/ldapd.conf'
+		if [ -f $ldapd ]; then
+			cp /etc/ldapd.conf /var/nsh/backup/pre-nsh-config/
+			mv /etc/ldapd.conf /var/run/ldapd.conf.0
+			chown root /var/run/ldapd.conf.0
+			chgrp wheel /var/run/ldapd.conf.0
+			chmod 660 /var/run/ldapd.conf.0
+		else
+			echo etc-ldapd does not exist, not importing!
+		fi
+
+		resolv='/etc/resolv.conf'
+		if [ -f $resolv ]; then
+			cp /etc/resolv.conf /var/nsh/backup/pre-nsh-config/
+			
+		else
+			echo etc-resolv does not exist, not backing up!
+		fi
+
+		motd='/etc/motd'
+		if [ -f $motd ]; then
+			cp /etc/motd /var/nsh/backup/pre-nsh-config/
+			mv /etc/motd /var/run/motd.0
+			sed -i 's/Welcome to OpenBSD/OpenBSD/g' /var/run/motd.0
+			ln -s /var/run/motd.0 /etc/motd
+			chown root /var/run/motd.0
+			chgrp wheel /var/run/motd.0
+			chmod 660 /var/run/motd.0
+		else 
+			echo etc-motd does not exist, not importing!
+		fi
+		
+		smtpd='/etc/mail/smtpd.conf'
+		if [ -f $smtpd ]; then
+			cp /etc/mail/smtpd.conf /var/nsh/backup/pre-nsh-config/
+			mv /etc/mail/smtpd.conf /var/run/smtpd.conf.0
+			chown root /var/run/smtpd.conf.0
+			chgrp wheel /var/run/smtpd.conf.0
+			chmod 660 /var/run/smtpd.conf.0
+		else 
+			echo etc-smtpd does not exist, not importing!
+		fi
+		
+		dvmrpd='/etc/dvmrpd.conf'
+		if [ -f $dvmrpd ]; then
+			cp /etc/dvmrpd.conf /var/nsh/backup/pre-nsh-config/
+			mv /etc/dvmrpd.conf /var/run/dvmrpd.conf.0
+			chown root /var/run/dvmrpd.conf.0
+			chgrp wheel /var/run/dvmrpd.conf.0
+			chmod 660 /var/run/dvmrpd.conf.0
+		else 
+			echo etc-dvmrpd does not exist, not importing!
+		fi
+		
+		sasync='/etc/sasync.conf'
+		if [ -f $sasync ]; then
+			cp /etc/sasync.conf /var/nsh/backup/pre-nsh-config/
+			mv /etc/sasync.conf /var/run/sasync.conf.0
+			chown root /var/run/sasync.conf.0
+			chgrp wheel /var/run/sasync.conf.0
+			chmod 660 /var/run/sasync.conf.0
+		else 
+			echo etc-sasyncd does not exist, not importing!
+		fi
+		
+		#setup and secure nshlog 
+		touch /var/log/nsh.log
+		chown root /var/log/nsh.log
+		chgrp wheel /var/log/nsh.log
+		chmod 660 /var/log/nsh.log
+		#import running Openbsd kernel configuration
+		/usr/local/bin/nsh -c ./write-config.nshrc
+		#secure nshrc config file 
+		chmod 660 /etc/nshrc
+		#Remove any networking config from /etc/ that conflicts with nsh
+		mv /etc/hostname.* /var/nsh/backup/pre-nsh-config/
+		mv /etc/mygate /var/nsh/backup/pre-nsh-config/
+		#can we import rc.conf.local to nsh config
+		mv /etc/rc.conf.local /var/nsh/backup/pre-nsh-config/
+		cp nsh /etc/rc.d/
+		chmod 555 /etc/rc.d/nsh
+		#enable nsh 
+		rcctl enable nsh
+		#disable services now managed by nsh 
+		rcctl disable ntpd
+		rcctl disable smtpd
+		rcctl disable sshd
+		echo reboot device for nsh configuration to take effect
+		/usr/local/bin/nsh -c ./enable-sshd.nshrc
+	else
+		exit
+	fi
+fi