commit 4ad1a7fb37babdf8bc6becc72d712f0a8e43eaff from: smytht date: Sat Mar 11 17:20:53 2023 UTC move nsh-scripts-1.0 to nsh-scripts rename directory while preserving file commit history commit - 2c64685c5981b27557f833c412b905e338157f15 commit + 4ad1a7fb37babdf8bc6becc72d712f0a8e43eaff blob - 45b22b89d89978726d421226ddaa02da6a3791a0 (mode 644) blob + /dev/null --- nsh-scripts-1.0/bin/enable-sshd.nshrc +++ /dev/null @@ -1,5 +0,0 @@ -#!/usr/local/bin/nsh - -enable -sshd enable -write memory -quit blob - 889370280d2de3b80ff2e03e4aeef5736e81059e (mode 644) blob + /dev/null --- nsh-scripts-1.0/bin/initial-config.nshrc +++ /dev/null @@ -1,6 +0,0 @@ -#!/usr/local/bin/nsh - -enable -pf enable -sshd enable -dns local-control -write-config blob - de25a27d1617554f64500ae0ca119cf95cc122f9 (mode 644) blob + /dev/null --- nsh-scripts-1.0/bin/mg-env-settings +++ /dev/null @@ -1 +0,0 @@ -VISUAL=/usr/bin/mg; export VISUAL; EDITOR=/usr/bin/mg; export EDITOR blob - b30fd80eb373ca572a4947d40542ebcd446f74d8 (mode 755) blob + /dev/null --- nsh-scripts-1.0/bin/nsh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/ksh -# -# $OpenBSD: nsh,v 1.0 2022/04/07 01:41:16 cappuccio Exp $ - -daemon="/usr/local/bin/nsh" -daemon_flags=" -v -i /etc/nshrc | tee -a /var/log/nsh.log" - -rc_reload=NO - -. /etc/rc.d/rc.subr - -rc_cmd $1 blob - 95794c2ca587a93759a6d34fa989b40434fb2ade (mode 644) blob + /dev/null --- nsh-scripts-1.0/bin/nsh-openbsd-integration.sh +++ /dev/null @@ -1,287 +0,0 @@ -#!/bin/sh - - -dflt='No' - -#check if user is root -if [ $(id -u) != 0 ]; -then - echo "Must be run as root" - exit -else - #ask user do they want to continue - #default is No - echo "This script is built to suit a typical network configuration setup" - echo "If you have an unusual config, it is not recommended to run" - read input?"Do you want to continue? (Yes/No) [${dflt}] " - - if [ -z "${input}" ]; then input="${dflt}"; fi - if [ "${input}" = 'Yes' ] || [ "${input}" = 'yes' ]; - then - test -f /var/nsh/backup/pre-nsh-config && echo pre-nsh-config exists already && exit - test -f /etc/nshrc && echo etc-nshrc exists already && exit - - mkdir -p /var/nsh/backup/pre-nsh-config - - #remove world permissions from created directories - chmod -R 750 /var/nsh - chown -R root /var/nsh - chgrp -R wheel /var/nsh - #chmod 750 /var/nsh/backup - #chmod 750 /var/nsh/backup/pre-nsh-config - - #checks if file exists - #makes a copy and moves conf file - #secures file - pf='/etc/pf.conf' - if [ -f $pf ]; then - cp /etc/pf.conf /var/nsh/backup/pre-nsh-config/ - mv /etc/pf.conf /var/run/pf.conf.0 - chown root /var/run/pf.conf.0 - chgrp wheel /var/run/pf.conf.0 - chmod 660 /var/run/pf.conf.0 - else - echo etc-pf does not exist, not importing! - fi - - ipsec='/etc/ipsec.conf' - if [ -f $ipsec ]; then - cp /etc/ipsec.conf /var/nsh/backup/pre-nsh-config/ - mv /etc/ipsec.conf /var/run/ipsec.conf.0 - chown root /var/run/ipsec.conf.0 - chgrp wheel /var/run/ipsec.conf.0 - chmod 660 /var/run/ipsec.conf.0 - else - echo etc-ipsec does not exist, not importing! - fi - - bgpd='/etc/bgpd.conf' - if [ -f $bgpd ]; then - cp /etc/bgpd.conf /var/nsh/backup/pre-nsh-config/ - mv /etc/bgpd.conf /var/run/bgpd.conf.0 - chown root /var/run/bgpd.conf.0 - chgrp wheel /var/run/bgpd.conf.0 - chmod 660 /var/run/bgpd.conf.0 - else - echo etc-bgpd does not exist, not importing! - fi - - ospfd='/etc/ospfd.conf' - if [ -f $ospfd ]; then - cp /etc/ospfd.conf /var/nsh/backup/pre-nsh-config/ - mv /etc/ospfd.conf /var/run/ospfd.conf.0 - chown root /var/run/ospfd.conf.0 - chgrp wheel /var/run/ospfd.conf.0 - chmod 660 /var/run/ospfd.conf.0 - else - echo etc-ospfd does not exist, not importing! - fi - - - ospf6d='/etc/ospf6d.conf' - if [ -f $ospf6d ]; then - cp /etc/ospf6d.conf /var/nsh/backup/pre-nsh-config/ - mv /etc/ospf6d.conf /var/run/ospf6d.conf.0 - chown root /var/run/ospf6d.conf.0 - chgrp wheel /var/run/ospf6d.conf.0 - chmod 660 /var/run/ospf6d.conf.0 - else - echo etc-ospf6d does not exist, not importing! - - fi - dhcpd='/etc/dhcpd.conf' - if [ -f $dhcpd ]; then - cp /etc/dhcpd.conf /var/nsh/backup/pre-nsh-config/ - mv /etc/dhcpd.conf /var/run/dhcpd.conf.0 - chown root /var/run/dhcpd.conf.0 - chgrp wheel /var/run/dhcpd.conf.0 - chmod 660 /var/run/dhcpd.conf.0 - else - echo etc-dhcpd does not exist, not importing! - fi - - ntpd='/etc/ntpd.conf' - if [ -f $ntpd ]; then - cp /etc/ntpd.conf /var/nsh/backup/pre-nsh-config/ - mv /etc/ntpd.conf /var/run/ntpd.conf.0 - chown root /var/run/ntpd.conf.0 - chgrp wheel /var/run/ntpd.conf.0 - chmod 660 /var/run/ntpd.conf.0 - else - echo etc-ntpd does not exist, not importing! - fi - - sshd_config='/etc/ssh/sshd_config' - if [ -f $sshd_config ]; then - cp /etc/ssh/sshd_config /var/nsh/backup/pre-nsh-config/ - mv /etc/ssh/sshd_config /var/run/sshd.conf.0 - chown root /var/run/sshd.conf.0 - chgrp wheel /var/run/sshd.conf.0 - chmod 660 /var/run/sshd.conf.0 - else - echo etc-ssh_config does not exist, not importing! - fi - - eigrpd='/etc/eigrpd.conf' - if [ -f $eigrpd ]; then - cp /etc/eigrpd.conf /var/nsh/backup/pre-nsh-config/ - mv /etc/eigrpd.conf /var/run/eigrpd.conf.0 - chown root /var/run/eigrpd.conf.0 - chgrp wheel /var/run/eigrpd.conf.0 - chmod 660 /var/run/eigrpd.conf.0 - else - echo etc-eigrpd does not exist, not importing! - fi - - relayd='/etc/relayd.conf' - if [ -f $relayd ]; then - cp /etc/relayd.conf /var/nsh/backup/pre-nsh-config/ - mv /etc/relayd.conf /var/run/relayd.conf.0 - chown root /var/run/relayd.conf.0 - chgrp wheel /var/run/relayd.conf.0 - chmod 660 /var/run/relayd.conf.0 - else - echo etc-relayd does not exist, not importing! - fi - - ripd='/etc/ripd.conf' - if [ -f $ripd ]; then - cp /etc/ripd.conf /var/nsh/backup/pre-nsh-config/ - mv /etc/ripd.conf /var/run/ripd.conf.0 - chown root /var/run/ripd.conf.0 - chgrp wheel /var/run/ripd.conf.0 - chmod 660 /var/run/ripd.conf.0 - else - echo etc-ripd does not exist, not importing! - fi - - ldpd='/etc/ldpd.conf' - if [ -f $ldpd ]; then - cp /etc/ldpd.conf /var/nsh/backup/pre-nsh-config/ - mv /etc/ldpd.conf /var/run/ldpd.conf.0 - chown root /var/run/ldpd.conf.0 - chgrp wheel /var/run/ldpd.conf.0 - chmod 660 /var/run/ldpd.conf.0 - else - echo etc-ldpd does not exist, not importing! - fi - - iked='/etc/iked.conf' - if [ -f $iked ]; then - cp /etc/iked.conf /var/nsh/backup/pre-nsh-config/ - mv /etc/iked.conf /var/run/iked.conf.0 - chown root /var/run/iked.conf.0 - chgrp wheel /var/run/iked.conf.0 - chmod 660 /var/run/iked.conf.0 - else - echo etc-iked does not exist, not importing! - fi - - snmpd='/etc/snmpd.conf' - if [ -f $snmpd ]; then - cp /etc/snmpd.conf /var/nsh/backup/pre-nsh-config/ - mv /etc/snmpd.conf /var/run/snmpd.conf.0 - chown root /var/run/snmpd.conf.0 - chgrp wheel /var/run/snmpd.conf.0 - chmod 660 /var/run/snmpd.conf.0 - else - echo etc-snmpd does not exist, not importing! - fi - - ldapd='/etc/ldapd.conf' - if [ -f $ldapd ]; then - cp /etc/ldapd.conf /var/nsh/backup/pre-nsh-config/ - mv /etc/ldapd.conf /var/run/ldapd.conf.0 - chown root /var/run/ldapd.conf.0 - chgrp wheel /var/run/ldapd.conf.0 - chmod 660 /var/run/ldapd.conf.0 - else - echo etc-ldapd does not exist, not importing! - fi - - resolv='/etc/resolv.conf' - if [ -f $resolv ]; then - cp /etc/resolv.conf /var/nsh/backup/pre-nsh-config/ - rcctl stop resolvd - mv /etc/resolv.conf /var/run/resolv.conf.0 - chown root /var/run/resolv.conf.0 - chgrp wheel /var/run/resolv.conf.0 - chmod 660 /var/run/resolv.conf.0 - ln -s /var/run/resolv.conf.0 /etc/resolv.conf - rcctl start resolvd - else - echo etc-resolv does not exist, not importing! - fi - - motd='/etc/motd' - if [ -f $motd ]; then - cp /etc/motd /var/nsh/backup/pre-nsh-config/ - mv /etc/motd /var/run/motd.0 - ln -s /var/run/motd.0 /etc/motd - chown root /var/run/motd.0 - chgrp wheel /var/run/motd.0 - chmod 660 /var/run/motd.0 - else - echo etc-motd does not exist, not importing! - fi - - smtpd='/etc/mail/smtpd.conf' - if [ -f $smtpd ]; then - cp /etc/mail/smtpd.conf /var/nsh/backup/pre-nsh-config/ - mv /etc/mail/smtpd.conf /var/run/smtpd.conf.0 - chown root /var/run/smtpd.conf.0 - chgrp wheel /var/run/smtpd.conf.0 - chmod 660 /var/run/smtpd.conf.0 - else - echo etc-smtpd does not exist, not importing! - fi - - dvmrpd='/etc/dvmrpd.conf' - if [ -f $dvmrpd ]; then - cp /etc/dvmrpd.conf /var/nsh/backup/pre-nsh-config/ - mv /etc/dvmrpd.conf /var/run/dvmrpd.conf.0 - chown root /var/run/dvmrpd.conf.0 - chgrp wheel /var/run/dvmrpd.conf.0 - chmod 660 /var/run/dvmrpd.conf.0 - else - echo etc-dvmrpd does not exist, not importing! - fi - - sasync='/etc/sasync.conf' - if [ -f $sasync ]; then - cp /etc/sasync.conf /var/nsh/backup/pre-nsh-config/ - mv /etc/sasync.conf /var/run/sasync.conf.0 - chown root /var/run/sasync.conf.0 - chgrp wheel /var/run/sasync.conf.0 - chmod 660 /var/run/sasync.conf.0 - else - echo etc-sasyncd does not exist, not importing! - fi - - #setup and secure nshlog - touch /var/log/nsh.log - chown root /var/log/nsh.log - chgrp wheel /var/log/nsh.log - chmod 660 /var/log/nsh.log - #import running Openbsd kernel configuration - /usr/local/bin/nsh -c ./write-config.nshrc - #secure nshrc config file - chmod 660 /etc/nshrc - #Remove any networking config from /etc/ that conflicts with nsh - mv /etc/hostname.* /var/nsh/backup/pre-nsh-config/ - mv /etc/mygate /var/nsh/backup/pre-nsh-config/ - #can we import rc.conf.local to nsh config - mv /etc/rc.conf.local /var/nsh/backup/pre-nsh-config/ - cp nsh /etc/rc.d/ - chmod +x /etc/rd.d/nsh - rcctl disable pf ntpd - #Disable these network management daemons until we know how to integrate them ? - rcctl disable resolvd dhcpleased slaacd - #enable nsh - rcctl enable nsh - echo reboot device for nsh configuration to take effect - /usr/local/bin/nsh -c ./enable-sshd.nshrc - - else - exit - fi -fi blob - 9048768cae24c3d67326470392210a2e5703493a (mode 644) blob + /dev/null --- nsh-scripts-1.0/bin/write-config.nshrc +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/local/bin/nsh -enable -write-config blob - /dev/null blob + 45b22b89d89978726d421226ddaa02da6a3791a0 (mode 644) --- /dev/null +++ nsh-scripts/bin/enable-sshd.nshrc @@ -0,0 +1,5 @@ +#!/usr/local/bin/nsh - +enable +sshd enable +write memory +quit blob - /dev/null blob + 889370280d2de3b80ff2e03e4aeef5736e81059e (mode 644) --- /dev/null +++ nsh-scripts/bin/initial-config.nshrc @@ -0,0 +1,6 @@ +#!/usr/local/bin/nsh - +enable +pf enable +sshd enable +dns local-control +write-config blob - /dev/null blob + de25a27d1617554f64500ae0ca119cf95cc122f9 (mode 644) --- /dev/null +++ nsh-scripts/bin/mg-env-settings @@ -0,0 +1 @@ +VISUAL=/usr/bin/mg; export VISUAL; EDITOR=/usr/bin/mg; export EDITOR blob - /dev/null blob + b30fd80eb373ca572a4947d40542ebcd446f74d8 (mode 644) --- /dev/null +++ nsh-scripts/bin/nsh @@ -0,0 +1,12 @@ +#!/bin/ksh +# +# $OpenBSD: nsh,v 1.0 2022/04/07 01:41:16 cappuccio Exp $ + +daemon="/usr/local/bin/nsh" +daemon_flags=" -v -i /etc/nshrc | tee -a /var/log/nsh.log" + +rc_reload=NO + +. /etc/rc.d/rc.subr + +rc_cmd $1 blob - /dev/null blob + 95794c2ca587a93759a6d34fa989b40434fb2ade (mode 644) --- /dev/null +++ nsh-scripts/bin/nsh-openbsd-integration.sh @@ -0,0 +1,287 @@ +#!/bin/sh - + +dflt='No' + +#check if user is root +if [ $(id -u) != 0 ]; +then + echo "Must be run as root" + exit +else + #ask user do they want to continue + #default is No + echo "This script is built to suit a typical network configuration setup" + echo "If you have an unusual config, it is not recommended to run" + read input?"Do you want to continue? (Yes/No) [${dflt}] " + + if [ -z "${input}" ]; then input="${dflt}"; fi + if [ "${input}" = 'Yes' ] || [ "${input}" = 'yes' ]; + then + test -f /var/nsh/backup/pre-nsh-config && echo pre-nsh-config exists already && exit + test -f /etc/nshrc && echo etc-nshrc exists already && exit + + mkdir -p /var/nsh/backup/pre-nsh-config + + #remove world permissions from created directories + chmod -R 750 /var/nsh + chown -R root /var/nsh + chgrp -R wheel /var/nsh + #chmod 750 /var/nsh/backup + #chmod 750 /var/nsh/backup/pre-nsh-config + + #checks if file exists + #makes a copy and moves conf file + #secures file + pf='/etc/pf.conf' + if [ -f $pf ]; then + cp /etc/pf.conf /var/nsh/backup/pre-nsh-config/ + mv /etc/pf.conf /var/run/pf.conf.0 + chown root /var/run/pf.conf.0 + chgrp wheel /var/run/pf.conf.0 + chmod 660 /var/run/pf.conf.0 + else + echo etc-pf does not exist, not importing! + fi + + ipsec='/etc/ipsec.conf' + if [ -f $ipsec ]; then + cp /etc/ipsec.conf /var/nsh/backup/pre-nsh-config/ + mv /etc/ipsec.conf /var/run/ipsec.conf.0 + chown root /var/run/ipsec.conf.0 + chgrp wheel /var/run/ipsec.conf.0 + chmod 660 /var/run/ipsec.conf.0 + else + echo etc-ipsec does not exist, not importing! + fi + + bgpd='/etc/bgpd.conf' + if [ -f $bgpd ]; then + cp /etc/bgpd.conf /var/nsh/backup/pre-nsh-config/ + mv /etc/bgpd.conf /var/run/bgpd.conf.0 + chown root /var/run/bgpd.conf.0 + chgrp wheel /var/run/bgpd.conf.0 + chmod 660 /var/run/bgpd.conf.0 + else + echo etc-bgpd does not exist, not importing! + fi + + ospfd='/etc/ospfd.conf' + if [ -f $ospfd ]; then + cp /etc/ospfd.conf /var/nsh/backup/pre-nsh-config/ + mv /etc/ospfd.conf /var/run/ospfd.conf.0 + chown root /var/run/ospfd.conf.0 + chgrp wheel /var/run/ospfd.conf.0 + chmod 660 /var/run/ospfd.conf.0 + else + echo etc-ospfd does not exist, not importing! + fi + + + ospf6d='/etc/ospf6d.conf' + if [ -f $ospf6d ]; then + cp /etc/ospf6d.conf /var/nsh/backup/pre-nsh-config/ + mv /etc/ospf6d.conf /var/run/ospf6d.conf.0 + chown root /var/run/ospf6d.conf.0 + chgrp wheel /var/run/ospf6d.conf.0 + chmod 660 /var/run/ospf6d.conf.0 + else + echo etc-ospf6d does not exist, not importing! + + fi + dhcpd='/etc/dhcpd.conf' + if [ -f $dhcpd ]; then + cp /etc/dhcpd.conf /var/nsh/backup/pre-nsh-config/ + mv /etc/dhcpd.conf /var/run/dhcpd.conf.0 + chown root /var/run/dhcpd.conf.0 + chgrp wheel /var/run/dhcpd.conf.0 + chmod 660 /var/run/dhcpd.conf.0 + else + echo etc-dhcpd does not exist, not importing! + fi + + ntpd='/etc/ntpd.conf' + if [ -f $ntpd ]; then + cp /etc/ntpd.conf /var/nsh/backup/pre-nsh-config/ + mv /etc/ntpd.conf /var/run/ntpd.conf.0 + chown root /var/run/ntpd.conf.0 + chgrp wheel /var/run/ntpd.conf.0 + chmod 660 /var/run/ntpd.conf.0 + else + echo etc-ntpd does not exist, not importing! + fi + + sshd_config='/etc/ssh/sshd_config' + if [ -f $sshd_config ]; then + cp /etc/ssh/sshd_config /var/nsh/backup/pre-nsh-config/ + mv /etc/ssh/sshd_config /var/run/sshd.conf.0 + chown root /var/run/sshd.conf.0 + chgrp wheel /var/run/sshd.conf.0 + chmod 660 /var/run/sshd.conf.0 + else + echo etc-ssh_config does not exist, not importing! + fi + + eigrpd='/etc/eigrpd.conf' + if [ -f $eigrpd ]; then + cp /etc/eigrpd.conf /var/nsh/backup/pre-nsh-config/ + mv /etc/eigrpd.conf /var/run/eigrpd.conf.0 + chown root /var/run/eigrpd.conf.0 + chgrp wheel /var/run/eigrpd.conf.0 + chmod 660 /var/run/eigrpd.conf.0 + else + echo etc-eigrpd does not exist, not importing! + fi + + relayd='/etc/relayd.conf' + if [ -f $relayd ]; then + cp /etc/relayd.conf /var/nsh/backup/pre-nsh-config/ + mv /etc/relayd.conf /var/run/relayd.conf.0 + chown root /var/run/relayd.conf.0 + chgrp wheel /var/run/relayd.conf.0 + chmod 660 /var/run/relayd.conf.0 + else + echo etc-relayd does not exist, not importing! + fi + + ripd='/etc/ripd.conf' + if [ -f $ripd ]; then + cp /etc/ripd.conf /var/nsh/backup/pre-nsh-config/ + mv /etc/ripd.conf /var/run/ripd.conf.0 + chown root /var/run/ripd.conf.0 + chgrp wheel /var/run/ripd.conf.0 + chmod 660 /var/run/ripd.conf.0 + else + echo etc-ripd does not exist, not importing! + fi + + ldpd='/etc/ldpd.conf' + if [ -f $ldpd ]; then + cp /etc/ldpd.conf /var/nsh/backup/pre-nsh-config/ + mv /etc/ldpd.conf /var/run/ldpd.conf.0 + chown root /var/run/ldpd.conf.0 + chgrp wheel /var/run/ldpd.conf.0 + chmod 660 /var/run/ldpd.conf.0 + else + echo etc-ldpd does not exist, not importing! + fi + + iked='/etc/iked.conf' + if [ -f $iked ]; then + cp /etc/iked.conf /var/nsh/backup/pre-nsh-config/ + mv /etc/iked.conf /var/run/iked.conf.0 + chown root /var/run/iked.conf.0 + chgrp wheel /var/run/iked.conf.0 + chmod 660 /var/run/iked.conf.0 + else + echo etc-iked does not exist, not importing! + fi + + snmpd='/etc/snmpd.conf' + if [ -f $snmpd ]; then + cp /etc/snmpd.conf /var/nsh/backup/pre-nsh-config/ + mv /etc/snmpd.conf /var/run/snmpd.conf.0 + chown root /var/run/snmpd.conf.0 + chgrp wheel /var/run/snmpd.conf.0 + chmod 660 /var/run/snmpd.conf.0 + else + echo etc-snmpd does not exist, not importing! + fi + + ldapd='/etc/ldapd.conf' + if [ -f $ldapd ]; then + cp /etc/ldapd.conf /var/nsh/backup/pre-nsh-config/ + mv /etc/ldapd.conf /var/run/ldapd.conf.0 + chown root /var/run/ldapd.conf.0 + chgrp wheel /var/run/ldapd.conf.0 + chmod 660 /var/run/ldapd.conf.0 + else + echo etc-ldapd does not exist, not importing! + fi + + resolv='/etc/resolv.conf' + if [ -f $resolv ]; then + cp /etc/resolv.conf /var/nsh/backup/pre-nsh-config/ + rcctl stop resolvd + mv /etc/resolv.conf /var/run/resolv.conf.0 + chown root /var/run/resolv.conf.0 + chgrp wheel /var/run/resolv.conf.0 + chmod 660 /var/run/resolv.conf.0 + ln -s /var/run/resolv.conf.0 /etc/resolv.conf + rcctl start resolvd + else + echo etc-resolv does not exist, not importing! + fi + + motd='/etc/motd' + if [ -f $motd ]; then + cp /etc/motd /var/nsh/backup/pre-nsh-config/ + mv /etc/motd /var/run/motd.0 + ln -s /var/run/motd.0 /etc/motd + chown root /var/run/motd.0 + chgrp wheel /var/run/motd.0 + chmod 660 /var/run/motd.0 + else + echo etc-motd does not exist, not importing! + fi + + smtpd='/etc/mail/smtpd.conf' + if [ -f $smtpd ]; then + cp /etc/mail/smtpd.conf /var/nsh/backup/pre-nsh-config/ + mv /etc/mail/smtpd.conf /var/run/smtpd.conf.0 + chown root /var/run/smtpd.conf.0 + chgrp wheel /var/run/smtpd.conf.0 + chmod 660 /var/run/smtpd.conf.0 + else + echo etc-smtpd does not exist, not importing! + fi + + dvmrpd='/etc/dvmrpd.conf' + if [ -f $dvmrpd ]; then + cp /etc/dvmrpd.conf /var/nsh/backup/pre-nsh-config/ + mv /etc/dvmrpd.conf /var/run/dvmrpd.conf.0 + chown root /var/run/dvmrpd.conf.0 + chgrp wheel /var/run/dvmrpd.conf.0 + chmod 660 /var/run/dvmrpd.conf.0 + else + echo etc-dvmrpd does not exist, not importing! + fi + + sasync='/etc/sasync.conf' + if [ -f $sasync ]; then + cp /etc/sasync.conf /var/nsh/backup/pre-nsh-config/ + mv /etc/sasync.conf /var/run/sasync.conf.0 + chown root /var/run/sasync.conf.0 + chgrp wheel /var/run/sasync.conf.0 + chmod 660 /var/run/sasync.conf.0 + else + echo etc-sasyncd does not exist, not importing! + fi + + #setup and secure nshlog + touch /var/log/nsh.log + chown root /var/log/nsh.log + chgrp wheel /var/log/nsh.log + chmod 660 /var/log/nsh.log + #import running Openbsd kernel configuration + /usr/local/bin/nsh -c ./write-config.nshrc + #secure nshrc config file + chmod 660 /etc/nshrc + #Remove any networking config from /etc/ that conflicts with nsh + mv /etc/hostname.* /var/nsh/backup/pre-nsh-config/ + mv /etc/mygate /var/nsh/backup/pre-nsh-config/ + #can we import rc.conf.local to nsh config + mv /etc/rc.conf.local /var/nsh/backup/pre-nsh-config/ + cp nsh /etc/rc.d/ + chmod +x /etc/rd.d/nsh + rcctl disable pf ntpd + #Disable these network management daemons until we know how to integrate them ? + rcctl disable resolvd dhcpleased slaacd + #enable nsh + rcctl enable nsh + echo reboot device for nsh configuration to take effect + /usr/local/bin/nsh -c ./enable-sshd.nshrc + + else + exit + fi +fi blob - /dev/null blob + 9048768cae24c3d67326470392210a2e5703493a (mode 644) --- /dev/null +++ nsh-scripts/bin/write-config.nshrc @@ -0,0 +1,3 @@ +#!/usr/local/bin/nsh +enable +write-config