• NetBSD

  • Global NetBSD Script Project

Hello everyone,

A small project I'm working on NetBSD.
I would like your opinion.
I often switch between operating systems and sometimes write a good number of scripts to speed things up a bit.
It's sometimes tiring to switch from one environment to another, especially since the differences are often significant.

Apart from the old Webmin, I haven't found, on NetBSD, a module to help facilitate the configuration of a server (at least for basic tasks), so I came up with the idea of ​​writing a small collection of functions, grouped into a script, with a dialog screen display to make configurations more pleasant.
Initially, I was doing this for myself, being more used to FreeBSD than NetBSD which I am discovering little by little, I thought it could be a good way to learn and that ultimately it could possibly interest other people (or not.. it's up to you to tell me!).
I think this could make it easier to transition from a mainstream operating system to a BSD system like NetBSD for some people (CLI-phobes).
The choice of dialog will certainly provoke a backlash from some. I'm not fiercely attached to dialog, the idea is to make it all more pleasant for CLI-phobes, that's all.
So it can be an open question. dialog or not.. Usually, simple echoes and an index to choose an option are enough for me.

Currently, the script already allows the completion of these tasks:

- Setting up the NPF firewall with a customizable default rules file
- Guided or customizable SSH configuration
- Checking internet connection
- Automatic configuration of a Wifi connection
- User and group management
- sudo configuration for a user
- Installation of the ClamAV antivirus with optimized settings and addition of the securiteinfo.com and    SaneSecurity bases
- Possibility to run an antivirus scan on / or /home in the background
- Update of bases added to ClamAV
- ClamAV logs management (timestamped compression .xz, visualization)
- ISO image burning on CD
- ISO image burning (or .usb) on USB device
- NTFS, FFSv1, FFSv2 formatting
- Mounting/unmounting USB devices NTFS, FFSv1, FFSv2
- Secure erasure of USB devices (dd)
- Reconstruction of the locate index
- Installation of the complete XFCE4/slim desktop environment
- Installation of usual desktop applications (choice or entire bundle)
- Installation of usual utilities (choice or entire bundle)
- Configuration of a network printer with PPD file.
- Setting up a VPN connection with the OVPN provider (adapted from FreeBSD)

The project is still in its early stages (I only started about a week ago, a few hours here and there), and it's just a script, written in the most basic standard shell possible to make it not unbearable (not always easy with dialog anyway), I don't intend to make it an application.

Given that I have already written a whole collection of scripts for the automatic deployment of virtual hosts for several CMS in HTTPS (with incorporation of signed or self-signed SSL certificates) on apache or nginx on FreeBSD, configuration of SFTP servers, XMPP, setting up local or remote rsync synchronizations, cron task management, automatic RAID configuration etc.. I won't take long to adapt them to NetBSD.
Many things can be done quite quickly, up to offering standard services (I'm thinking of YASM on opensuse for example).
I am also open to suggestions. This could be a collaborative project.

If the project may interest some of you, and if the dialogue proves to be constructive, then I could publish it and continue to write it.

Just a few screenshots :



    Seems interesting. I didn't know this fork. It's limited to 32bit right ?
    I'll have a look. Thank you.

    @majekla Kudos! Source repo?

    I have begun a similar undertaking for OpenBSD (and subsequently others).
    Status of mine is "bits of sketch of proof of concept", and no repo to show.
    "in pain thou shalt bring forth children" - this is how it goes.
    Still, I don't feel like abandonig the effort.
    Currently bracing myself for the 3rd iteration of shaping the project.

    In theory, it would be awesome to collaborate
    but I am quite opinionated on the design
    and currently suffering a NIH syndrome
    so no promises to be made 🙂

    Here is the script :

    http://tinyurl.com/global-netbsd102
    sha256 : 79b9d0e6d614add3cfce2e763b3a5a88b40c98621f1faf4d438082b16be30b20

    Last Updates :

    • Added poweroff and reboot on main menu.
    • Fixed the sudo script
    • Just added curl installation for first execution.
      Necessary for checking internet connectivity.
      Had forgotten it, sorry

    Here is the script, plain and simple.
    No commits. I'll see about that later, for now I'm moving forward.
    The script is a bit messy, not clean at all...
    I'll tidy it up later. Right now, I'm adding as many features as possible.
    The checks are designed to verify if you haven't used other features upstream (for example, if you set up SSH and change the port, the script will check if you haven't forgotten to change the port in the firewall, etc...).

    It's somewhat tailored to my needs, which may include standard desktop computer features (internet access via wifi... office software, etc.).
    I'm about to add CMS and other web services soon.

    Currently, it is divided into 8 parts:

    • Network :
      --- Check Internet Connection
      --- Restart DHCP Service
      --- Enable IP forwarding
      --- Disable IP forwarding
      --- Switch from Ethernet to Wifi
      --- Connect to a Wifi Network
      --- Switch (back) from Wifi to Ethernet

    • Security :
      --- Firewall
      ------ Configure NPF
      ------ View NPF Status and Active Rules
      --- Configure SSH
      --- Fail2ban
      ------ Configure Fail2ban
      ------ Show status
      ------ Open fail2ban log
      ------ Archive fail2ban log
      ------ Show banned IP
      ------ Unban an IP
      --- Anti-virus
      ------ Install ClamAV with securiteinfo/sanesecurity databases
      ------ Update SaneSecurity ClamAV databases
      ------ Run a full antivirus scan
      ------ Run an antivirus scan of /home
      ------ Show ClamAV scan log
      ------ Archive ClamAV log file
      ------ Clear ClamAV log file
      --- Set up OVPN VPN

    • Users and Access Rights Menu
      --- Display list of users
      --- Create a user
      --- Check user existence
      --- Delete a user
      --- Display list of groups
      --- Create a group
      --- Check group existence
      --- Delete a group
      --- Add user to a group
      --- Remove user from a group
      --- Install sudo and add user to sudo group

    • Programs
      --- Install desktop applications
      --- Install usual utilities

    • Web Server
      (I'll start it soon)

    • Disk Management
      --- Format a USB device to FFSv1
      --- Format a USB device to FFSv2
      --- Format a USB device to NTFS
      --- Format a USB device to exFAT (working but not perfect)
      --- Securely erase a USB device
      --- Mount a USB device to /media/dkX
      --- Unmount a USB device mounted to /media/dkX
      --- Burn .iso to a USB device
      --- Burn .iso to a CD
      --- Rebuild locate index

    • Services
      --- OpenSSH File Server
      ------ Configure a SFTP file server with OpenSSH
      ------ Create a SFTP user
      ------ List SFTP users
      ------ Delete a SFTP user
      ------ Change password for a SFTP user
      ------ Disable a SFTP user account
      ------ List SFTP disabled users
      ------ Re-eanble a SFTP user account

    • Desktop Environment
      --- Install XFCE4/Slim desktop environment

    • uxer replied to this.
    • Jay likes this.

      It should FIRST, be tested on a clean VM, or on a mini-pc/laptop with a fresh install of NetBSD.
      Don't use it on ready servers as I have certainly missed a lot of entanglement.

      9 days later

      majekla Here is the script :

      http://tinyurl.com/global-netbsd102
      sha256 : 79b9d0e6d614add3cfce2e763b3a5a88b40c98621f1faf4d438082b16be30b20

      The link doesn't open for me - tried a few times - but
      torsocks wget http://ekladata.com/g4VxJprLoDKTrhtqds-GKDkFtrU/global-netbsd.sh
      did it.

      The script is quite a feat.
      It deserves shellchecking (install locally && shellcheck global-netbsd.sh), then putting in a repo, a project webpage, many stars and eager testers and then happy users

          uxer Thank you for your comment.
          I'm really sorry it's difficult to download. Ekladata is often blocked outside of France, it's a real pain!
          I'm juggling a lot of things right now, and I haven't had a chance to set up a git repository for this script yet. To be honest, I started writing it on a whim, not really knowing if anyone would be interested, or having a long-term plan for it. So the code is a bit of a mess. I wrote as fast as I could to put a lot of things in very quickly.
          I took a break to focus on illumos this past week.
          But if there's genuine interest, I'll set up a git repository and clean everything up.

            Hi, small feedback,

            I checked your (big) script, I like the idea.

            However I saw some French in your script notably in the VPN part.

            It did not look like translation or locale support.

            I can speak French so it is not a problem for me. But it might be for others 🙂

            Also there was some encoding problems.

            My browser reads UTF-8, and had things such as "Seule la région"

            But good job overall 🙂 nice to see these kind of projects, this helps accessibility.

              naguam Thank you. Yes indeed, this part is not yet translated and I also need to shorten it.
              It comes from a script I had written for FreeBSD some time ago and that I simply adapted for NetBSD, but due to its length, I hadn't translated it yet.
              I will get back to it this week.

              • Jay likes this.

                I reviewed the entire script today, refactored the OVPN function (it went from 5000 lines to 150 :-D), and translated it into English. However, I haven't integrated dialog screens for now with OVPN.
                I fixed everything I could in the code but haven't re-tested everything yet; I'll do that tomorrow if I have some time.

                I'm starting to question the use of a graphical interface... I don't know.
                Personally, I dislike ; Simple echos with a clean layout are often enough for me.

                Here is the link (still in France.. a pain to download sorry) :
                https://tinyurl.com/global-netbsd103
                sha256 : 9222574373539275ABE34FE15936EBCCDB7C50E00223B73FB19B448BC3D6E5FF

                • pin replied to this.

                  majekla Here is the link ... a pain to download sorry

                  Why not a git repository? You don't need to use Github/Gitlab, you could use codeberg.org or, self-host it at https://git.asdf.cafe
                  Or, another alternative you fancy.

                  I don't believe in simply download random files using a direct link. Too dangerous.

                      7 days later

                      majekla The choice of dialog will certainly provoke a backlash from some. I'm not fiercely attached to dialog, the idea is to make it all more pleasant for CLI-phobes, that's all.
                      So it can be an open question. dialog or not.. Usually, simple echoes and an index to choose an option are enough for me.

                      https://joeyh.name/code/pdmenu/
                      https://www.linuxlinks.com/pdmenu/
                      https://www.youtube.com/watch?v=r8GS1bpgoYo

                      just stumbled upon, haven't tried it. JFYI