FEATURES.md

Features

Complete list of all modules and their features.

APT Manager

Manage and maintain APT packages and updates.

• Check and install updates - Shows all available updates in a checklist (preselected), allows selective updates
• Update package lists - Run apt update
• Install common packages - Curated list of useful packages (hides already installed)
• Install package - Install by name
• Remove package - With option to purge configs
• Search packages - Search apt cache
• Show package info - Display package details
• List installed packages - With optional filter
• Clean up APT cache - autoremove, autoclean, clean
• Fix broken packages - dpkg --configure and --fix-broken
• Add PPA repository
• Show cache info - Cache size, package counts
• Show APT history

CrowdSec

Install and manage CrowdSec IDS/IPS (Intrusion Detection and Prevention System).

• Quick setup - Install common protection collections and firewall bouncer with checklist:
  • crowdsecurity/linux (base OS protection)
  • crowdsecurity/sshd (SSH brute force)
  • crowdsecurity/http-cve (HTTP exploits)
  • crowdsecurity/base-http-scenarios (HTTP attacks)
  • crowdsecurity/nginx (Nginx protection)
  • crowdsecurity/apache2 (Apache protection)
  • Firewall bouncer installation option
• Show CrowdSec status - Service status, version, LAPI/CAPI/Console connection status, scenarios/collections/decisions/bouncers counts, hub status
• Show active decisions - List all current bans with IP, reason, duration, scenario, type
• Install/Uninstall CrowdSec - With automatic Quick Setup wizard after installation
• Service control - Start, stop, restart, reload, show systemd status
• View logs - Service logs (journalctl), decision logs, log file
• Ban IP manually - Add custom ban with:
  • IP validation
  • Duration (4h, 2d, 1w, 0 for permanent)
  • Ban type (ban, captcha, throttle)
  • Custom reason
• Unban IP - Remove specific IP ban
• Clear all bans - Remove all active decisions with confirmation
• Manage whitelist - Show, add, remove whitelisted IPs (never banned)
• Show installed scenarios - List all scenarios with status
• Manage collections - List, install, remove, update hub index, upgrade all items
• Manage bouncers - List, install firewall bouncer, add custom bouncer (get API key), remove
• Cloud Services (CAPI/Console) - Central API and Console management:
  • Check Central API (CAPI) status - Shows community threat intelligence connection
  • Register with Central API - Share/receive threat intelligence with the community
  • Console enrollment status - Check if enrolled to web dashboard
  • Enroll to CrowdSec Console - Web dashboard for monitoring and centralized management
• Manage parsers - List, install, remove, upgrade parsers
• Manage postoverflows - List, install, remove postoverflows
• Acquisition configuration - View, edit, test log source configuration
• Toggle simulation mode - Enable/disable simulation (test scenarios without real bans)
• Explain decision for IP - Show why an IP was banned (decisions, alerts, timeline)

Custom Scripts

Install custom utility scripts system-wide for all users.

• List available scripts - Show all scripts with installation status and descriptions
• Install scripts - Select scripts to install to /usr/local/bin via checklist
• Update all installed scripts - Re-copy all currently installed scripts from source to pick up any changes
• Uninstall scripts - Select installed scripts to remove
• View script content - View the source of any available script

Cron Jobs

Manage cron jobs and schedules for users and system.

• View user crontab - Select and view a specific user's crontab with syntax highlighting (if bat is installed)
• Edit user crontab - Edit a user's crontab using system editor
• Edit system cron file - Edit system cron files from /etc/cron.d, /etc/cron.daily, /etc/cron.hourly, /etc/cron.monthly, /etc/cron.weekly, /etc/cron.yearly
• Install system cron files - Install pre-configured cron jobs to /etc/cron.d/ with content preview and validation
• Uninstall system cron files - Remove installed system cron jobs
• Available pre-configured cron jobs:
  • rclone-selfupdate - Update rclone daily at 16:00
  • system-reboot - Scheduled system reboot daily at 03:00 (with 5-minute warning)
  • apt-update-weekly - Update and upgrade packages weekly on Sundays at 02:00
  • docker-cleanup - Clean up unused Docker resources weekly on Saturdays at 04:00
  • certbot-renew - Renew SSL certificates automatically twice daily
  • backup-databases - Backup all MySQL/MariaDB databases nightly at 01:00
  • log-rotation-custom - Compress logs older than 7 days weekly on Sundays at 05:00
  • temp-cleanup - Clean /tmp and /var/tmp daily at 06:00

Docker Install

Install and manage Docker CE.

• Show Docker status - Version, service state, container/image counts, disk usage
• Install Docker CE - Using official installation script
• Uninstall Docker - With option to remove data
• Deploy containers - Deploy pre-configured containers from compose templates:
  • watchtower - Automatic Docker container updater (updates daily at 3 AM)
  • dockge - Docker Compose stack manager web UI (port 5001)
  • backrest - Backup solution with restic backend (port 9898)
  • databaseus - Database management tool (port 4005)
  • bentopdf - PDF generation service (port 8080)
  • omnitools - Collection of useful web tools (port 8180)
  • wg-easy - WireGuard VPN with web UI (VPN port 55523, UI port 8280)
  • Containers deployed to /opt/docker/<name>/compose.yml
  • Multi-select support for batch deployment
• List containers - Show all containers with status
• List images - Show all images with size
• Manage networks - List, add, remove Docker networks
• View logs - Docker daemon logs or container logs
• Clean up unused data - Prune containers, images, volumes, networks
• Manage Docker service - Start, stop, restart, enable/disable

Podman

Install and manage Podman — a daemonless, rootless-capable container engine. Docker-compatible CLI with first-class systemd integration via Quadlets.

• Show Podman status - Version, rootful socket state, auto-update timer state, compose implementation, companion tool presence, rootful container/image counts, rootless users with linger enabled
• Install Podman - apt-based install with optional components via checklist:
  • podman-compose - Docker Compose compatible CLI (python)
  • buildah - Daemonless OCI image builder
  • skopeo - Copy/inspect images between registries
  • podman-docker - Install docker CLI shim (with conflict warning if Docker is installed)
  • cockpit-podman - Web UI for podman via Cockpit
  • Always installs rootless prerequisites: uidmap, slirp4netns, fuse-overlayfs, containers-storage
  • Optional: enable rootful podman.socket (Docker-compatible API)
  • Optional: enable podman-auto-update.timer
• Uninstall Podman - Purge packages, disable sockets/timers, optional data removal
• Configure rootless Podman (per user):
  • Enable for a user - Allocates /etc/subuid and /etc/subgid range (100000-165535), enables user linger, starts user podman.socket, runs podman system migrate, prints DOCKER_HOST hint
  • Disable for a user - Stops user socket, disables linger
  • Show subuid/subgid - View current allocations
• Deploy compose stacks - Selects podman compose (native, 4.4+) or falls back to podman-compose; deploys YML templates to /opt/podman/<name>/compose.yml:
  • bentopdf - PDF generation service (port 8080)
  • homepage - Self-hosted service dashboard (port 3000)
• Deploy systemd Quadlets - Rootful (/etc/containers/systemd/) or rootless (~/.config/containers/systemd/); triggers daemon-reload; offers to start units:
  • caddy.container - Caddy reverse proxy with auto-HTTPS
  • homepage.container - Homepage dashboard as a systemd unit
• List containers - podman ps -a
• List images - podman images
• Manage volumes - List and remove rootful volumes
• Manage networks - List, add (IPv4 + optional IPv6), remove (netavark)
• View logs - podman.socket journal logs or per-container podman logs
• Clean up unused data - Prune containers, images, volumes, networks, or all
• Manage podman.socket - Start, stop, restart, enable/disable (rootful)
• Auto-update timer - Enable/disable podman-auto-update.timer, show next-run status, trigger manual podman auto-update
• Edit search registries - Configure unqualified-search-registries in /etc/containers/registries.conf (with hostname validation, sed_escape, and automatic .bak backup)

Fail2ban

Install and configure fail2ban intrusion prevention.

• Quick setup - Install and enable common jails
• Show status - Overall fail2ban status
• Show statistics - Ban counts per jail
• Show jail status - Individual jail details
• Show banned IPs - All banned IPs per jail
• Install/Uninstall fail2ban
• Configure defaults - Ban time, find time, max retries, ban action, email
• Enable jail - SSH, Apache, Nginx, Postfix, Dovecot, MySQL, custom
• Disable jail
• Ban/Unban IP manually
• Clear all bans - Unban all IPs from all jails
• Whitelist IP - Never ban specific IPs (with IP validation)
• View log
• Restart service

Hostname Manager

Configure system hostname and related settings.

• Show hostname information - Current hostname, FQDN, hostnamectl status, /etc/hosts
• Set hostname - With validation, option for all/static/transient/pretty
• Set pretty hostname - Human-readable name
• Edit /etc/hosts - View, add, remove, edit entries
• Set chassis type - desktop, laptop, server, VM, container, etc.
• Set deployment environment - development, integration, staging, production
• Set location - Physical location description
• Set icon name

NTP Client

Configure time synchronization using systemd-timesyncd.

• Quick setup - Configure pool, timezone, enable sync
• Show status - Current time sync status
• Configure NTP servers - Global pools or country-specific (ntppool.org)
  • Regions: Global, Africa, Asia, Europe, North America, South America, Oceania
  • Countries: 60+ countries available
• Configure timezone - Browse by region
• Enable/Disable NTP sync
• Force time sync
• Set time manually

Network Manager

Configure network interfaces using netplan.

• Show network status - Interface info, IP addresses, routes, DNS
• Test connectivity - DNS, ping, and HTTP tests
• Show routing table - IPv4 and IPv6 routes
• Quick setup - Guided interface configuration
• Configure IPv4 - DHCP, static IP, or disable
• Configure IPv6 - Auto (SLAAC), DHCPv6, static IP, or disable
• Add static route - Temporary route via gateway
• View DNS configuration - Show resolv.conf
• Disable IPv6 system-wide - Via sysctl (affects all interfaces)
• Enable IPv6 system-wide - Remove sysctl disable
• Show netplan config - Display current netplan YAML
• Apply netplan - Apply configuration changes
• Restart networking - Restart systemd-networkd

Software Installer

Install software not available via APT.

• Show installation status
• Install multiple software - Checklist (hides already installed)
• Update all installed - Update all installed software at once
• Uninstall software - Remove installed software
• Available software:
  • rclone - Cloud storage sync tool
  • lazydocker - Docker TUI
  • lazygit - Git TUI
  • btop - Better resource monitor
  • bat - Better cat with syntax highlighting
  • fd - Better find
  • ripgrep - Better grep
  • fzf - Fuzzy finder
  • yq - YAML processor
  • starship - Cross-shell prompt
  • gocryptfs - Encrypted overlay filesystem
  • ctop - Container top (Docker/Podman wrapper, auto-detects runtime)
  • dtop - Container top (Docker/Podman wrapper, auto-detects runtime)

MOTD Manager

Configure system Message of the Day banner.

• Show status - Banner installation status
• Show current MOTD - Preview generated MOTD
• Install MOTD banner - ASCII art hostname with figlet, system info, font selection, static/pretty hostname option
• Remove MOTD banner
• Manage MOTD scripts - Enable/disable scripts in /etc/update-motd.d

SSH Manager

Configure SSH server settings and security.

• Show SSH status - Uses sshd -T for effective configuration (falls back to config file parsing)
• Install colored prompt - Format: username@pretty-hostname /path $ (Username=Red/Green, @=Yellow, Hostname=Light Blue, Path=Yellow)
• Remove colored prompt
• Change SSH port
• Configure root login - keys only, password, disabled, forced-commands-only
• Configure password authentication
• Harden SSH - Apply security best practices:
  • Disable root password login
  • Disable password authentication (keys only)
  • Disable empty passwords
  • Disable X11 forwarding
  • Max 3 auth tries
  • 60s login grace time
  • Disable TCP forwarding
  • Strict modes
  • Client alive timeout
• Advanced settings - X11, TCP forwarding, compression, banner, timeout
• Manage SSH keys - List, add, generate, remove authorized keys
• Restart SSH service

System Info

Display system information.

• Show system overview
• CPU information
• Memory information
• Disk usage
• Network information
• Hardware information
• System temperatures
• Export system report

VM Guest Agents

Install guest agents for virtual environments.

• Detect virtualization - Auto-detect hypervisor environment
• Show status - Installation status of all guest agents
• VMware Tools - For VMware ESXi, Workstation, Fusion (open-vm-tools)
• QEMU Guest Agent - For Proxmox, KVM, QEMU, libvirt
• VirtualBox Guest Additions - For Oracle VirtualBox
• Hyper-V Daemons - For Microsoft Hyper-V
• Xen Tools - For Citrix XenServer, XCP-ng

UFW Docker

Configure UFW to work properly with Docker (ufw-docker).

• Install ufw-docker - Fixes Docker bypassing UFW
• Uninstall ufw-docker
• Show status
• Allow container port
• Delete container rule

UFW Manager

Manage UFW firewall rules and settings.

• Install UFW
• Show UFW status
• Enable/Disable UFW
• Add allow rule - By port, service, IP, subnet
• Add deny rule - By port, IP, subnet
• Delete rule - By rule number
• Set default policies - incoming/outgoing
• Quick setup - Common services (SSH, HTTP, HTTPS, MySQL, PostgreSQL, etc.)
• Reset UFW

Unattended Upgrades

Configure automatic system updates.

• Show status
• Enable/Disable unattended upgrades
• Configure automatic reboot - Enable, disable, set time
• Configure remove unused dependencies
• Configure update origins - Security, updates, proposed, backports (writes directly to config file)
• Run unattended-upgrade now

Update Alternatives

Manage system alternatives using the Debian/Ubuntu update-alternatives system.

• Browse and configure - Ultra-simple workflow:
  • View all system alternatives with current mode (auto/manual) and path
  • Select any alternative → immediately shows native configuration dialog
  • Make your choice or press CTRL+C to cancel
  • Immediately shows result dialog with detailed feedback:
    • Success: Shows what changed (before/after paths)
    • No change: Indicates same option was selected
    • Cancelled: Confirms cancellation
    • Error: Shows error details
  • No intermediate screens, prompts, or waiting
• Smart handling:
  • Automatic validation (single-option alternatives are handled gracefully)
  • Proper CTRL+C abort detection with trap handling
  • Before/after comparison to show exactly what changed
  • Immediate feedback via UI dialogs
  • Returns directly to menu after any action
  • Requires root privileges
  • Native system interface (update-alternatives --config)
• Common alternatives managed:
  • editor (vim, nano, etc.)
  • pager (less, more, etc.)
  • awk (gawk, mawk, etc.)
  • x-terminal-emulator (terminal applications)
  • x-www-browser (web browsers)
  • And many more system commands

User Management

Manage system users and groups.

• Add new user - With password, groups selection
• Modify user groups
• Delete user - With option to remove home directory
• View user information - Details or list all users