

commit - 5b66ac0b69d9684f9579c5cef44a1d4c41993249
commit + e05df6135adc342714e1eb0aa52000db39b6010c
blob - 5e86783637b685a1185858f43235998bd3428999 (mode 644)
blob + /dev/null
--- README
+++ /dev/null
@@ -1,30 +0,0 @@
-nsh//network config shell//Chris Cappuccio <chris@nmedia.net> version 1.1
-
-NSH is a CLI intended for OpenBSD-based network appliances. It replaces
-ifconfig, sysctl and route with its own simple command language, and
-encapsulates configuration for other daemons into one place, effectively
-replacing /etc/netstart and parts of /etc/rc for appliance-style usage.
-
-Daemons and services encapsulated by nsh:
-
-bgpd, dhcpd, dhcpleased, dhcrelay, dvmrpd, eigrpd, ftp-proxy, ifstated, inetd, 
-iked, ipsecctl, ldapd, ldpd, npppd, ntpd, ospfd, ospf6d, pf, rad, relayd, 
-resolvd, ripd, sasyncd, slaacd, smtpd, snmpd, sshd, tftpd, tftp-proxy.
-
-NSH is freely licensed, in the BSD style.
-
-In conjunction with the OpenBSD kernel and the daemons you wish to control,
-you have a fully functioning network appliance type of system.
-
-See https://github.com/yellowman/nsh/wiki/NSH-Manual-page or 
-nsh.8 manual for detailed installation instructions and command set.
-
-See the to-do list on https://github.com/users/yellowman/projects/1 for 
-details on implementation status and future ideas.
-
-See http://github.com/yellowman/nsh/ for current source code repository.
-See http://www.nmedia.net/nsh/ for example configurations and mailing
-list.
-
-See https://www.youtube.com/watch?v=WMKxIHaWaG0 for an EurobsdCon 2022 
-Presentation on NSH for network administrators. 
blob - /dev/null
blob + 3e50706edef704b575bf753ec2007b60a57134fa (mode 644)
--- /dev/null
+++ README.md
@@ -0,0 +1,123 @@
+# nsh 
+
+## network shell
+
+---
+Chris Cappuccio <chris@nmedia.net> version 1.1
+
+
+NSH is a CLI intended for OpenBSD-based network appliances. It replaces
+ifconfig, sysctl and route with its own simple command language, and
+encapsulates configuration for other daemons into one place, effectively
+replacing /etc/netstart and parts of /etc/rc for appliance-style usage.
+
+## Daemons and services encapsulated by nsh:
+
+bgpd, dhcpd, dhcpleased, dhcrelay, dvmrpd, eigrpd, ftp-proxy, ifstated, inetd, 
+iked, ipsecctl, ldapd, ldpd, npppd, ntpd, ospfd, ospf6d, pf, rad, relayd, 
+resolvd, ripd, sasyncd, slaacd, smtpd, snmpd, sshd, tftpd, tftp-proxy.
+
+---
+
+## License 
+
+NSH is freely licensed, in the BSD style.
+
+In conjunction with the OpenBSD kernel and the daemons you wish to control,
+you have a fully functioning network appliance type of system.
+
+---
+
+## NSH Manual
+
+See https://github.com/yellowman/nsh/wiki/NSH-Manual-page or 
+nsh.8 manual for detailed installation instructions and command set.
+
+See the to-do list on https://github.com/users/yellowman/projects/1 for 
+details on implementation status and future ideas.
+
+See http://github.com/yellowman/nsh/ for current source code repository.
+See http://www.nmedia.net/nsh/ for example configurations and mailing
+list.
+
+See https://www.youtube.com/watch?v=WMKxIHaWaG0 for an EurobsdCon 2022 
+Presentation on NSH for network administrators. 
+
+---
+
+## Quickstart Guide for installing and building **nsh** on an OpenBSD system
+
+1. Install OpenBSD on your system 
+
+2. Install the OpenBSD port of nsh on your system -(this will install the latest nsh release version)
+
+```shell
+pkg_add nsh  
+```
+
+3. Install git on your system to allow fetching more recent versions of nsh from github
+
+```shell
+pkg_add git
+```
+
+4. to download the latest development of nsh use git to download the latest nsh repository
+
+```shell
+git clone https://github.com/yellowman/nsh
+```
+
+5. change directory to the downloaded nsh directory 
+
+```shell
+cd nsh
+```
+
+6. to build the nsh sources follow the steps below
+
+6a. make objects
+
+```shell
+make obj
+```
+
+6b. make / compile the sources
+
+```shell
+make
+```
+
+6c.  Install the compiled nsh binaries and supporting files (you will need root privileges to do this).
+
+```shell
+make install
+```
+
+7. To have nsh take over the configuration of a system a number of steps that need to be carried out such as
+
+
+7a. Backup configuration of system, daemons and network in /etc 
+
+7b. Copy the configuration files to /var/run/example-configfilename.0  (the .0 file extension) implies running in the default rdomain / rtable (rdomain 0)
+
+7c. save the running config to /etc/nshrc
+
+7d. secure the /etc/nshrc file so that world cannot read, write or execute it . 
+
+7e. configure the system to run nsh -i /etc/nshrc  either adding a line to /etc/rc.local or using an rccctl script for nsh.
+
+For the users convenience, the above steps can be largely automated by running  the **rc.local-nsh-openbsd-integration.sh** script and following on screen instructions.
+
+```shell
+cd scripts/
+./rc.local-nsh-openbsd-integration.sh
+```
+
+8. once configuration has been imported, restart the system and verify nsh config is running as expected
+   
+
+10. please provide feedback , bug repots and suggestions to the developers on	our mailing list  <nsh@lists.deschutesdigital.com> .
+    
+
+
+    
blob - /dev/null
blob + 2c7e3ffff6026e8a0cb93a4c38262738babcd5bb (mode 644)
--- /dev/null
+++ scripts/shell/rc.local-nsh-openbsd-integration.sh
@@ -0,0 +1,271 @@
+#!/bin/sh -
+
+dflt='No'
+
+#check if user is root
+if [ $(id -u) != 0 ];
+then
+        echo "Must be run as root"
+        exit
+else
+        #ask user do they want to continue
+        #default is No
+        echo "This script is built to suit a typical OpenBSD network setup"
+        echo "If you have an unusual config, e.g. multiple routing domains"
+        echo "The import script will require user verification"
+        echo "This script is designed to assist a user with using nsh on"
+        echo "top of a fresh OpenBSD installation."
+        read input?"Do you want to continue? (Yes/No) [${dflt}] "
+
+        if [ -z "${input}" ]; then input="${dflt}"; fi
+        if [ "${input}" = 'Yes' ] || [ "${input}" = 'yes' ];
+        then
+                test -f /var/nsh/backup/pre-nsh-config && echo pre-nsh-config exists already && exit
+                test -f /etc/nshrc && echo etc-nshrc exists already && exit
+
+                mkdir -p /var/nsh/backup/pre-nsh-config
+
+                #remove world permissions from created directories
+                chmod -R 750 /var/nsh
+                chown -R root /var/nsh
+                chgrp -R wheel /var/nsh
+                #chmod 750 /var/nsh/backup
+                #chmod 750 /var/nsh/backup/pre-nsh-config
+
+                #checks if file exists
+                #makes a copy and moves conf file
+                #secures file
+                pf='/etc/pf.conf'
+                if [ -f $pf ]; then
+                        cp /etc/pf.conf /var/nsh/backup/pre-nsh-config/
+                        mv /etc/pf.conf /var/run/pf.conf.0
+                        chown root /var/run/pf.conf.0
+                        chgrp wheel /var/run/pf.conf.0
+                        chmod 660 /var/run/pf.conf.0
+                else
+                        echo etc-pf does not exist, not importing!
+                fi
+
+                ipsec='/etc/ipsec.conf'
+                if [ -f $ipsec ]; then
+                        cp /etc/ipsec.conf /var/nsh/backup/pre-nsh-config/
+                        mv /etc/ipsec.conf /var/run/ipsec.conf.0
+                        chown root /var/run/ipsec.conf.0
+                        chgrp wheel /var/run/ipsec.conf.0
+                        chmod 660 /var/run/ipsec.conf.0
+                else
+                        echo etc-ipsec does not exist, not importing!
+                fi
+
+                bgpd='/etc/bgpd.conf'
+                if [ -f $bgpd ]; then
+                        cp /etc/bgpd.conf /var/nsh/backup/pre-nsh-config/
+                        mv /etc/bgpd.conf /var/run/bgpd.conf.0
+                        chown root /var/run/bgpd.conf.0
+                        chgrp wheel /var/run/bgpd.conf.0
+                        chmod 660 /var/run/bgpd.conf.0
+                else
+                        echo etc-bgpd does not exist, not importing!
+                fi
+
+                ospfd='/etc/ospfd.conf'
+                if [ -f $ospfd ]; then
+                        cp /etc/ospfd.conf /var/nsh/backup/pre-nsh-config/
+                        mv /etc/ospfd.conf /var/run/ospfd.conf.0
+                        chown root /var/run/ospfd.conf.0
+                        chgrp wheel /var/run/ospfd.conf.0
+                        chmod 660 /var/run/ospfd.conf.0
+                else
+                        echo etc-ospfd does not exist, not importing!
+                fi
+
+
+                ospf6d='/etc/ospf6d.conf'
+                if [ -f $ospf6d ]; then
+                        cp /etc/ospf6d.conf /var/nsh/backup/pre-nsh-config/
+                        mv /etc/ospf6d.conf /var/run/ospf6d.conf.0
+                        chown root /var/run/ospf6d.conf.0
+                        chgrp wheel /var/run/ospf6d.conf.0
+                        chmod 660 /var/run/ospf6d.conf.0
+                else
+                        echo etc-ospf6d does not exist, not importing!
+
+                fi
+                dhcpd='/etc/dhcpd.conf'
+                if [ -f $dhcpd ]; then
+                        cp /etc/dhcpd.conf /var/nsh/backup/pre-nsh-config/
+                        mv /etc/dhcpd.conf /var/run/dhcpd.conf.0
+                        chown root /var/run/dhcpd.conf.0
+                        chgrp wheel /var/run/dhcpd.conf.0
+                        chmod 660 /var/run/dhcpd.conf.0
+                else
+                        echo etc-dhcpd does not exist, not importing!
+                fi
+
+                ntpd='/etc/ntpd.conf'
+                if [ -f $ntpd ]; then
+                        cp /etc/ntpd.conf /var/nsh/backup/pre-nsh-config/
+                        mv /etc/ntpd.conf /var/run/ntpd.conf.0
+                        chown root /var/run/ntpd.conf.0
+                        chgrp wheel /var/run/ntpd.conf.0
+                        chmod 660 /var/run/ntpd.conf.0
+                else
+                        echo etc-ntpd does not exist, not importing!
+                fi
+
+                sshd_config='/etc/ssh/sshd_config'
+                if [ -f $sshd_config ]; then
+                        cp /etc/ssh/sshd_config /var/nsh/backup/pre-nsh-config/
+                        mv /etc/ssh/sshd_config /var/run/sshd.conf.0
+                        chown root /var/run/sshd.conf.0
+                        chgrp wheel /var/run/sshd.conf.0
+                        chmod 660 /var/run/sshd.conf.0
+                else
+                        echo etc-ssh_config does not exist, not importing!
+                fi
+
+                eigrpd='/etc/eigrpd.conf'
+                if [ -f $eigrpd ]; then
+                        cp /etc/eigrpd.conf /var/nsh/backup/pre-nsh-config/
+                        mv /etc/eigrpd.conf /var/run/eigrpd.conf.0
+                        chown root /var/run/eigrpd.conf.0
+                        chgrp wheel /var/run/eigrpd.conf.0
+                        chmod 660 /var/run/eigrpd.conf.0
+                else
+                        echo etc-eigrpd does not exist, not importing!
+                fi
+
+                relayd='/etc/relayd.conf'
+                if [ -f $relayd ]; then
+                        cp /etc/relayd.conf /var/nsh/backup/pre-nsh-config/
+                        mv /etc/relayd.conf /var/run/relayd.conf.0
+                        chown root /var/run/relayd.conf.0
+                        chgrp wheel /var/run/relayd.conf.0
+                        chmod 660 /var/run/relayd.conf.0
+                else
+                        echo etc-relayd does not exist, not importing!
+                fi
+
+                ripd='/etc/ripd.conf'
+                if [ -f $ripd ]; then
+                        cp /etc/ripd.conf /var/nsh/backup/pre-nsh-config/
+                        mv /etc/ripd.conf /var/run/ripd.conf.0
+                        chown root /var/run/ripd.conf.0
+                        chgrp wheel /var/run/ripd.conf.0
+                        chmod 660 /var/run/ripd.conf.0
+                else
+                        echo etc-ripd does not exist, not importing!
+                fi
+
+                ldpd='/etc/ldpd.conf'
+                if [ -f $ldpd ]; then
+                        cp /etc/ldpd.conf /var/nsh/backup/pre-nsh-config/
+                        mv /etc/ldpd.conf /var/run/ldpd.conf.0
+                        chown root /var/run/ldpd.conf.0
+                        chgrp wheel /var/run/ldpd.conf.0
+                        chmod 660 /var/run/ldpd.conf.0
+                else
+                        echo etc-ldpd does not exist, not importing!
+                fi
+
+                iked='/etc/iked.conf'
+                if [ -f $iked ]; then
+                        cp /etc/iked.conf /var/nsh/backup/pre-nsh-config/
+                        mv /etc/iked.conf /var/run/iked.conf.0
+                        chown root /var/run/iked.conf.0
+                        chgrp wheel /var/run/iked.conf.0
+                        chmod 660 /var/run/iked.conf.0
+                else
+                        echo etc-iked does not exist, not importing!
+                fi
+
+                snmpd='/etc/snmpd.conf'
+                if [ -f $snmpd ]; then
+                        cp /etc/snmpd.conf /var/nsh/backup/pre-nsh-config/
+                        mv /etc/snmpd.conf /var/run/snmpd.conf.0
+                        chown root /var/run/snmpd.conf.0
+                        chgrp wheel /var/run/snmpd.conf.0
+                        chmod 660 /var/run/snmpd.conf.0
+                else
+                        echo etc-snmpd does not exist, not importing!
+                fi
+
+                ldapd='/etc/ldapd.conf'
+                if [ -f $ldapd ]; then
+                        cp /etc/ldapd.conf /var/nsh/backup/pre-nsh-config/
+                        mv /etc/ldapd.conf /var/run/ldapd.conf.0
+                        chown root /var/run/ldapd.conf.0
+                        chgrp wheel /var/run/ldapd.conf.0
+                        chmod 660 /var/run/ldapd.conf.0
+                else
+                        echo etc-ldapd does not exist, not importing!
+                fi
+
+                resolv='/etc/resolv.conf'
+                if [ -f $resolv ]; then
+                        cp /etc/resolv.conf /var/nsh/backup/pre-nsh-config/
+
+                else
+                        echo etc-resolv does not exist, not backing up!
+                fi
+
+                motd='/etc/motd'
+                if [ -f $motd ]; then
+                        cp /etc/motd /var/nsh/backup/pre-nsh-config/
+                        mv /etc/motd /var/run/motd.0
+                        sed -i 's/Welcome to OpenBSD/OpenBSD/g' /var/run/motd.0
+                        ln -s /var/run/motd.0 /etc/motd
+                        chown root /var/run/motd.0
+                        chgrp wheel /var/run/motd.0
+                        chmod 660 /var/run/motd.0
+                else
+                        echo etc-motd does not exist, not importing!
+                fi
+
+                smtpd='/etc/mail/smtpd.conf'
+                if [ -f $smtpd ]; then
+                        cp /etc/mail/smtpd.conf /var/nsh/backup/pre-nsh-config/
+                        mv /etc/mail/smtpd.conf /var/run/smtpd.conf.0
+                        chown root /var/run/smtpd.conf.0
+                        chgrp wheel /var/run/smtpd.conf.0
+                        chmod 660 /var/run/smtpd.conf.0
+                else
+                        echo etc-smtpd does not exist, not importing!
+                fi
+
+                dvmrpd='/etc/dvmrpd.conf'
+                if [ -f $dvmrpd ]; then
+                        cp /etc/dvmrpd.conf /var/nsh/backup/pre-nsh-config/
+                        mv /etc/dvmrpd.conf /var/run/dvmrpd.conf.0
+                        chown root /var/run/dvmrpd.conf.0
+                        chgrp wheel /var/run/dvmrpd.conf.0
+                        chmod 660 /var/run/dvmrpd.conf.0
+                else
+                        echo etc-dvmrpd does not exist, not importing!
+                fi
+
+                sasync='/etc/sasync.conf'
+                if [ -f $sasync ]; then
+                        cp /etc/sasync.conf /var/nsh/backup/pre-nsh-config/
+                        mv /etc/sasync.conf /var/run/sasync.conf.0
+                        chown root /var/run/sasync.conf.0
+                        chgrp wheel /var/run/sasync.conf.0
+                        chmod 660 /var/run/sasync.conf.0
+                else
+                        echo etc-sasyncd does not exist, not importing!
+                fi
+
+                #setup and secure nshlog
+                touch /var/log/nsh.log
+                chown root /var/log/nsh.log
+                chgrp wheel /var/log/nsh.log
+                chmod 660 /var/log/nsh.log
+                #import running Openbsd kernel configuration
+                /usr/local/bin/nsh -c ../nshrc/write-config.nshrc
+                #secure nshrc config file
+                chmod 660 /etc/nshrc
+                echo /usr/local/bin/nsh -i /etc/nshrc >>/etc/rc.local
+        else
+                exit
+        fi
+fi
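Review bot: Each import block copies a file into the backup directory and then `mv`s it out of /etc without checking that the `cp` succeeded (the pf block at `cp /etc/pf.conf ...` / `mv /etc/pf.conf ...` and every sibling block down to the sasync one), so a failed backup — say a full or unwritable /var/nsh — still removes the only copy from /etc, and with no `set -e` the earlier `mkdir -p` and `chmod -R 750 /var/nsh` failures go unnoticed too. The re-run guard `test -f /var/nsh/backup/pre-nsh-config` tests for a regular file while `mkdir -p` creates a directory, so it never fires; it needs `test -d` (or `-e`). `/usr/local/bin/nsh -c ../nshrc/write-config.nshrc` is resolved against the caller's working directory rather than the script's location, and /etc/nshrc is presumably written by that call before the `chmod 660` two lines later, so a `umask 027` near the top would close that window. Factoring the repeated blocks into one helper that chains `cp -p && mv` makes the backup-before-move guarantee hold everywhere:
```shell
umask 027

# Back up one config file and move it to nsh's /var/run location;
# the mv only runs when the backup copy succeeded.
import_conf() {
        src=$1
        dst=$2
        label=$3
        if [ -f "$src" ]; then
                cp -p "$src" /var/nsh/backup/pre-nsh-config/ &&
                mv "$src" "$dst" &&
                chown root:wheel "$dst" &&
                chmod 660 "$dst" || { echo "failed to import $src" >&2; exit 1; }
        else
                echo "$label does not exist, not importing!"
        fi
}

# … unchanged: root check, prompt, mkdir/chmod of /var/nsh …
import_conf /etc/pf.conf /var/run/pf.conf.0 etc-pf
import_conf /etc/ipsec.conf /var/run/ipsec.conf.0 etc-ipsec
# … one call per remaining daemon config; resolv.conf and motd keep their own blocks …
```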