#!/bin/bash

DATE=$(date --iso-8601)
PLYMOUTH_BIN="/bin/plymouth"

PROFILE=
if [ -z "${1:-}" ]; then
    PROFILE='integalert'
elif [ "$1" == "fix" ]; then
    PROFILE='integalert_fix'
else
    echo "Unknown command: $1" >&2
    echo "Usage: ${0##*/} [fix]" >&2
    exit 1
fi

if [ -z "$PROFILE" ]; then
    echo "BUG: empty profile" >&2
    exit 2
fi

if [ ! -d /etc/osec/$PROFILE ]; then
    echo "Create osec profile \"$PROFILE\"" >&2
    mkdir -p /etc/osec/$PROFILE
fi

case "$PROFILE" in
    integalert)
        if [ ! -e /etc/osec/$PROFILE/pipe.conf ]; then
            cat >/etc/osec/$PROFILE/pipe.conf <<EOF
IMMUTABLE_DATABASE=yes
EOF
        fi
        ;;
    integalert_fix)
        if [ ! -e /etc/osec/$PROFILE/pipe.conf ]; then
            cat >/etc/osec/$PROFILE/pipe.conf <<EOF
IMMUTABLE_DATABASE=no
EOF
        fi
        ;;
    *)
        echo "BUG: unexpected profile: $PROFILE" >&2
        exit 3
        ;;
esac

/usr/share/osec/osec.cron $PROFILE
ret=$?

case "$PROFILE" in
    integalert_fix)
        if [ $ret -eq 0 ]; then
            echo "Integrity database updated."
        else
            echo "Error updating integrity database!"
        fi
        exit $ret
        ;;
esac

if grep -q "(chg=0,add=0,del=0)" /var/log/lastosec  ; then
  echo "Integrity check OK"
  mkdir -p /var/log/lastosec_logs
  mv -f /var/log/lastosec "/var/log/lastosec_logs/lastosec_${DATE}"
else
  mkdir -p /var/log/lastosec_logs
  mv -f /var/log/lastosec "/var/log/lastosec_logs/lastosec_${DATE}"
  [ ! -x "$PLYMOUTH_BIN" ] || $PLYMOUTH_BIN quit
  echo "" >/dev/tty1
  echo -e "\r**************************\r" >/dev/tty1
  echo -e "**************************\r" >/dev/tty1
  echo -e "**************************\r" >/dev/tty1
  echo -e "**************************\r" >/dev/tty1
  echo -e "Integrity failure,возможное нарушение целостности - проверьте логи в однопользовательском режиме\r" >/dev/tty1
  echo -e "**************************\r" >/dev/tty1
  echo -e "**************************\r" >/dev/tty1
  echo -e "**************************\r" >/dev/tty1
  echo -e "**************************\r" >/dev/tty1
  echo -e "**************************\r" >/dev/tty1
  echo "" >/dev/tty1
  echo -e "\n**************\n  Integrity failure,возможное нарушение целостности - проверьте логи в однопользовательском режиме\n**************\n"
 exit 1
fi
exit 0
