MurOS [BETA]

Install MurOS

From a freshly installed Debian 13 (Trixie) to a running firewall in about five minutes.

Prefer apt by hand, a source build or the release files? See other install methods below. Picking a box? See hardware sizing.

1. Prerequisites

  • A clean Debian 13 (Trixie) install, server profile (no desktop).
  • Root access (the install script must run as root).
  • At least one network interface reachable from the management subnet.
  • Outbound HTTPS to apt.muros.org for the repository and package.

Other distributions (Ubuntu, Rocky, RHEL) are not supported. MurOS uses Debian-specific drop-in paths.

2. Install

Run as root on the target machine:

curl -fsSL https://apt.muros.org/install.sh | sudo bash

The script:

  1. Imports the repository signing key and writes /etc/apt/sources.list.d/muros.list (signed-by keyring).
  2. Removes competing network managers (NetworkManager, ifupdown, netplan, systemd-resolved, ...) that conflict with the MurOS control plane.
  3. Drops a selective policy-rc.d so feature daemons (Kea, unbound, etc.) do not auto-start during package configure.
  4. Runs apt-get install muros from the repository.
  5. Enables muros-backend, nginx and muros-boot.

Later upgrades flow through apt: apt update && apt install --only-upgrade muros.

3. First login

Open https://<firewall-ip> in any browser. Default credentials:

Login    : root
Password : your existing root password

The web UI authenticates through PAM against the system root account, so you log in with the password root already has. MurOS does not reset it and does not force a change.

4. Optional flags

Env variable     Effect
MUROS_VERSION    Pin a specific version, e.g. MUROS_VERSION=0.9.0-rc. The repository keeps only the latest version, so this works for the current release.

5. Uninstall

curl -fsSL https://apt.muros.org/uninstall.sh | sudo bash

The uninstall script stashes the SQLite DB under /var/backups/muros/data-<timestamp> before removing the package. A reinstall restores it automatically.

6. Where things live

/opt/muros/                                  code (backend + built frontend)
/var/lib/muros/muros.db                      SQLite, the source of truth
/var/lib/muros/muros-secret.key              JWT signing secret (mode 0600)
/etc/muros/nftables.conf                     fully generated by MurOS
/etc/keepalived/keepalived.conf              fully generated
/etc/wireguard/wg0.conf                      fully generated
/etc/ssh/sshd_config.d/muros.conf            sshd drop-in
/etc/fail2ban/{filter.d,jail.d}/muros*       fail2ban drop-in
/etc/snmp/snmpd.conf.d/muros.conf            snmpd drop-in
/etc/sysctl.d/99-muros-hardening.conf        sysctl drop-in
/etc/kea/kea-dhcp4.conf                      Kea DHCPv4 config
/etc/unbound/unbound.conf.d/muros.conf       unbound drop-in (recursive DNS)
/etc/swanctl/conf.d/muros.conf               strongswan drop-in
/etc/nginx/sites-available/muros             nginx site (regenerated by HTTP Access UI)

MurOS never writes to /etc/network/interfaces, /etc/systemd/network/ or /etc/netplan/. Interfaces, VLANs and routes are replayed from the DB by muros-boot.service before network-online.target.

Other install methods

If you do not want to pipe a remote script into a shell, register the signed repository yourself:

curl -fsSL https://apt.muros.org/muros.asc | sudo gpg --dearmor -o /usr/share/keyrings/muros-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/muros-archive-keyring.gpg] https://apt.muros.org stable main" | sudo tee /etc/apt/sources.list.d/muros.list
sudo apt update
sudo apt install muros

Browse the repository, signing key and package index at apt.muros.org.

A plain .deb is attached to each GitHub release if you prefer a manual apt install ./muros_*_all.deb.
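
For the manual .deb route, the download can be checked against the .sha256 file published beside it before apt sees it. The function below is an added example, not part of the MurOS installer or documentation; verify_deb_sha256 is a hypothetical helper name, and the .sha256 file format (a bare digest or a sha256sum-style line) is an assumption.

```bash
#!/usr/bin/env bash
# Added example (not MurOS project code): verify a downloaded .deb against
# its published .sha256 file before handing it to apt.
# Assumption: the .sha256 file holds either a bare hex digest or the usual
# sha256sum line "<digest>  <filename>"; both are accepted here.

verify_deb_sha256() {
    local deb="$1" sumfile="$2" expected actual

    [ -f "$deb" ] && [ -f "$sumfile" ] || { echo "missing file" >&2; return 2; }

    # First whitespace-separated field of the first line, lowercased.
    expected="$(awk 'NR==1 {print tolower($1)}' "$sumfile")"

    # Accept only 64 hex characters, so an HTML error page or an empty
    # download is never treated as a checksum.
    case "$expected" in
        *[!0-9a-f]*|"") echo "malformed checksum file: $sumfile" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed checksum file: $sumfile" >&2; return 2; }

    actual="$(sha256sum -- "$deb" | awk '{print $1}')"

    if [ "$actual" = "$expected" ]; then
        echo "OK: $deb"
        return 0
    fi
    echo "MISMATCH: $deb" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Install only when the digest matches (file names are placeholders):
#   verify_deb_sha256 ./muros_VERSION_all.deb ./muros_VERSION_all.deb.sha256 \
#       && sudo apt install ./muros_VERSION_all.deb
```

A matching digest shows the .deb is the file the checksum was computed over; because both files come from the same release page, the signed apt repository remains the stronger authenticity check.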

Build from source

On a Debian 13 build host:

git clone https://github.com/murosorg/muros.git
cd muros
bash packaging/build.sh
ls -la artifacts/

The script vendors the frontend build (via npm) and runs dpkg-buildpackage. Output is identical to the GitHub Actions artifact.

Releases and files

All releases are built by GitHub Actions and published to the signed apt repository at apt.muros.org. The individual files stay on the GitHub Releases page.

Latest pre-release

MurOS v0.9.0-rc

Debian 13 (Trixie) · amd64

All releases on GitHub →

Files:

  • muros_VERSION_all.deb
  • muros_VERSION_all.deb.sha256
  • install.sh
  • uninstall.sh

Beta status. MurOS is currently in beta (0.9.0 release candidate cycle). Run it on a staging firewall first, validate every page against your topology, then promote.