#!/bin/bash

# Copyright (C) 2017  Tetras Libre <admin@tetras-libre.fr>
# Author: Beniamine, David <David.Beniamine@tetras-libre.fr>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

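# Directory holding this script; the helper script, the env files and the
# per-module upgrade scripts are all looked up relative to it.
DIR=$(dirname -- "$0")

# Quoted so that an install path containing spaces or glob characters still
# resolves to the intended files.
"$DIR/configure_base_tools.sh"

# Sourcing executes the env files as shell code with the privileges of this
# script.
# NOTE(review): the rest of the script calls apt and edits /etc, so it is
# presumably run as root. Confirm that $DIR and both .env files are owned by
# root and not writable by any other user.
. "$DIR/main.env"
. "$DIR/installNextcloud.env"

# MODS and MAINTENANCE_LEVEL drive the sections below; stop early when either
# is missing instead of running a half-configured maintenance pass.
if [ -z "$MODS" ] || [ -z "$MAINTENANCE_LEVEL" ]
then
    echo "Please update your main.env"
    exit 1
fi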

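# Base system update
aptitude update
if [ "$MAINTENANCE_LEVEL" == "upgrade" ]
then
    # Full upgrade of every package.
    aptitude upgrade
else
    # Security-only path: let unattended-upgrade apply what it is configured
    # for, then install whatever the simulated dist-upgrade still lists as
    # coming from a security origin.
    unattended-upgrade -d
    # The filter keeps "Inst" lines that mention "Security".
    # NOTE(review): if the security archive is reached through a source whose
    # label does not contain that word, the list is silently empty and no
    # package is installed by this step. Verify against the output of
    # `apt-get -s dist-upgrade` on the target host.
    mapfile -t security_pkgs < <(apt-get -s dist-upgrade | awk '/^Inst.*Security/{print $2}')
    # Only call apt-get install when there is something to install; the names
    # are passed as separate, quoted arguments.
    if [ "${#security_pkgs[@]}" -gt 0 ]
    then
        apt-get install "${security_pkgs[@]}"
    fi
fi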

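# Update modules
# MODS is a whitespace-separated list, so the unquoted expansion is intended.
# Each name is interpolated into a script path that is then executed with the
# privileges of this script.
# NOTE(review): a module name containing "/" or ".." would point outside the
# upgrade<Module>.sh naming scheme. MODS is presumably set in main.env, so
# keep that file and $DIR writable by root only.
for mod in $MODS
do
    script="$DIR/upgrade$mod.sh"
    # Quoted so that a path with spaces is tested and run as one argument.
    if [ -f "$script" ]
    then
        /bin/bash "$script"
    fi
done

# Optional site-specific upgrade hook, run last when present.
customfile="$DIR/upgradeCustom.sh"
if [ -f "$customfile" ]
then
    /bin/bash "$customfile"
fi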

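# Check rootkits and antivirus
rkhunter_conf=/etc/rkhunter.conf
if [ -f "$rkhunter_conf" ]
then
    # Whitelist /etc/.java once, so rkhunter does not report it as a
    # suspicious hidden directory on every run.
    if ! grep -q "^ALLOWHIDDENDIR=/etc/.java" "$rkhunter_conf"
    then
        echo "ALLOWHIDDENDIR=/etc/.java" >> "$rkhunter_conf"
    fi
    # Comment out WEB_CMD="/bin/false" so that `rkhunter --update` below can
    # download its data files.
    # NOTE(review): that setting looks like a packaging default that disables
    # rkhunter's network updates. Removing it re-enables downloads performed
    # by this privileged run; confirm the installed rkhunter fetches its
    # updates over a verified channel before keeping this.
    # `sed -i -e` is used here because `-ie` is parsed as "-i with backup
    # suffix e" and leaves a stray /etc/rkhunter.confe behind on every run.
    if grep -Eq '^\s*WEB_CMD="/bin/false"' "$rkhunter_conf"
    then
        sed -i -e 's@^\s*\(WEB_CMD="/bin/false"\)@# \1@' "$rkhunter_conf"
    fi
    # This only changes the value rkhunter expects for root SSH logins; it
    # does not change the sshd configuration itself.
    sed -i -e 's/ALLOW_SSH_ROOT_USER=.*/ALLOW_SSH_ROOT_USER=prohibit-password/' "$rkhunter_conf"
else
    echo "$rkhunter_conf not found, rkhunter configuration left untouched" >&2
fi
rkhunter --update > /dev/null
# NOTE(review): --propupdate re-records the file-properties baseline from the
# system as it is right now, immediately before the check. That avoids false
# positives from the packages just upgraded, but any file modified since the
# previous run is accepted into the baseline and will not be reported by the
# file-properties test. Consider running a check before the upgrade step, or
# having rkhunter verify files against the package manager (PKGMGR option in
# rkhunter.conf).
rkhunter --propupdate
rkhunter --sk -c

# The weekly ClamAV scan is expected to be a "clamav-weekly" entry in the
# crontab of the user running this script; show its log when it is installed.
if crontab -l | grep -q "clamav-weekly"
then
    cat /var/log/clamav.log
else
    printf '\tERROR : clamav weekly not installed\n'
fi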

# Disk usage overview for the operator.
df -h

# Check docker is running
# Containers are listed only when one of the configured modules mentions
# collabora (case-insensitive).
if grep -qi collabora <<<"$MODS"
then
    docker ps -a
fi

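# Restart services
# Collect the service names from checkrestart's suggested "service ..." and
# "systemctl ..." lines, plus the extra services named in
# EXTRAS_SERVICES_TO_RESTART. Both sources are whitespace-separated lists, so
# the unquoted expansions are intended.
# shellcheck disable=SC2206,SC2207
services=( $(checkrestart | awk '/^service/{print $2} /^systemctl/{print $3}') $EXTRAS_SERVICES_TO_RESTART )
# Restart only when the list is non-empty. The former string test was always
# true, because the joined string always contained the separator whitespace,
# so systemctl could be called with no unit at all.
if [ "${#services[@]}" -gt 0 ]
then
    systemctl restart "${services[@]}"
fi
# Second pass: shows what still uses outdated files after the restarts.
checkrestart
printf '\tPlease check that the following services are up and running\n'
# Print one https:// URL per configured virtual host for a manual check.
if [ "${WEB_SERVER}" == "apache2" ]
then
    apache2ctl -S 2>/dev/null | awk '/namevhost/{print "https://"$4}' | sort -u | grep -v "127.0...1"
else
    # Only the first name on each server_name/server_alias line is printed.
    awk '/^[ \t]*(server_name|server_alias)/{gsub(/;$/, "", $2); print "https://"$2}' /etc/nginx/*-enabled/* | sort -u
fi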

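# Check if reboot is required
# Newest installed kernel image package. Only rows whose dpkg status marks the
# package as installed are kept (removed-but-configured kernels are ignored),
# and names are ordered with a version sort so that e.g. -10 ranks above -9;
# a plain numeric sort cannot order these names because they start with text.
last_kernel="$(dpkg -l | awk '$1 ~ /^.i/ && $2 ~ /^linux-image-[0-9]/ {print $2}' | sort -V | tail -n 1)"
running_kernel="linux-image-$(uname -r)"
# NOTE(review): this compares package names only. A kernel update that keeps
# the same package name would not be reported here even though the running
# kernel is outdated; comparing the installed package version with `uname -v`
# would cover that case.
if [ "$last_kernel" != "$running_kernel" ]
then
    echo "Running on an old kernel, reboot required"
fi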