#!/bin/bash

# Install prefix and the two OSSEC control binaries this script wraps.
OSSEC_HOME="/var/ossec"
SYSCHECK_CONTROL="${OSSEC_HOME}/bin/syscheck_control"
AGENT_CONTROL="${OSSEC_HOME}/bin/agent_control"

# Only the e-mail report uses these: the host name goes into the subject
# line and the recipient defaults to the local root mailbox.  (The variable
# deliberately shares its name with the hostname command; bash keeps
# variables and commands in separate namespaces.)
hostname="$(hostname)"
default_email="root"

function help () {
    # Print the usage text to stdout and terminate the script with status 0.
    # Callers rely on the exit: the option parser calls help for -h and for
    # unknown options and does not expect control to return.  $0 expands to
    # the path the script was invoked with.
    cat <<EOF
Wrapper script around ossec "syscheck_control" and "agent_control" commands.

$0 [-h] [-m] [-l] [-u] [-c] [-r] [-s] [-e] [-S] [-L]

-h|--help              : help
-m|--manual            : man page
-l|--list              : list all modified files since last database update
-u|--update            : update syscheck database
-c|--config            : show ossec configuration
-r|--re-scan           : force syscheck/rootcheck re-scan
-e|--email-report      : sends output of the --list command to root mail
-S|--service-restart   : restart ossec service
-s|--service-status    : check ossec service status
-L|--logs              : show ossec logs

EOF
    exit 0
}

function manual () {
    # Render the POD block kept at the end of this file (behind the final
    # exit) with perldoc, using the script itself as the document source.
    # The four-space prefix reproduces the layout of the original output.
    printf '    %s\n' "$(perldoc -t "$0")"
}

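# No arguments at all: print usage and fail.  help() calls `exit 0` itself,
# so it is run in a subshell; otherwise the `exit 1` below would never be
# reached and a misuse would look like a successful run to the caller.
if [[ $# -eq 0 ]]; then
    (help)
    exit 1
fi

# The first argument must look like an option (start with "-"); anything
# else is rejected before the parsing loop starts.  Same subshell trick so
# the error status 2 is what the caller actually observes.
if [[ $1 != -* ]]; then
    echo "Error: Unknown option: $1" >&2
    echo
    (help)
    exit 2
fi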

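# Option parsing.  Each flag only records a request in a global; the work is
# done in the dispatch section at the bottom, in a fixed order that does not
# depend on the order the flags were given.
while :; do
    case "$1" in
        -h | --help)
            help
            exit 0
            ;;
        -m | --manual)
            manual
            exit 0
            ;;
        -l | --list)
            list=1
            shift
            ;;
        -u | --update)
            update=1
            shift
            ;;
        -c | --config)
            config=1
            shift
            ;;
        -L | --logs)
            logs=1
            shift
            ;;
        -r | --re-scan)
            re_scan=1
            shift
            ;;
        -S | --service-restart)
            restart=1
            shift
            ;;
        -s | --service-status)
            status=1
            shift
            ;;
        -e | --email-report)
            report=1
            shift
            ;;
        --confirm)
            # Must accompany -u/--update; update_database refuses without it.
            choice=yes
            shift
            ;;
        -*)
            # help() exits 0 on its own, which made an unknown option look
            # like a successful run (and left this arm with no shift or exit
            # of its own).  Run it in a subshell and exit 2 explicitly, the
            # same status the pre-loop check uses for a bad first argument.
            echo "Error: Unknown option: $1" >&2
            echo
            (help)
            exit 2
            ;;
        *)
            # First non-option argument (or no argument left) ends parsing.
            break
            ;;
    esac
done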

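## function to list all modified files since last syscheck database update
function list_modified_files {
    echo "listing modified files since last syscheck database update"
    echo
    # Agent id 000 is the manager's own entry in OSSEC.  The path is quoted
    # so a space in OSSEC_HOME cannot split the command (SC2086).
    "${SYSCHECK_CONTROL}" -i 000
}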

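## function to show ossec logs
function show_logs {
    echo "### start of ossec logs ###"
    echo
    # less pages interactively on a terminal and copies the file straight
    # through when stdout is not one, so `--logs | tail -n 100` (see the POD
    # at the end of the file) works.  Quoted to survive spaces in OSSEC_HOME.
    less "${OSSEC_HOME}/logs/ossec.log"
    echo
    echo "### end of ossec logs ###"
}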

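## function to show ossec config
function show_config {
    echo "### start of ossec config ###"
    echo
    # less pages interactively on a terminal and copies the file straight
    # through otherwise, so piping the output (e.g. into tail) works.
    # Quoted to survive spaces in OSSEC_HOME.
    less "${OSSEC_HOME}/etc/ossec.conf"
    echo
    echo "### end of ossec config ###"
}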

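## function to restart ossec service
# Returns the exit status of `service ossec restart`; prints a failure line
# to stderr instead of unconditionally claiming success.
function ossec_restart {
    local rc=0
    echo "### restarting ossec service ### "
    service ossec restart || rc=$?
    if (( rc == 0 )); then
        echo "### restarted ossec service ###"
    else
        echo "### failed to restart ossec service (exit ${rc}) ###" >&2
    fi
    return "$rc"
}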

## function to check ossec service status
# The function's exit status is whatever `service ossec status` reports.
function ossec_status {
    local banner="### ossec service status ### "
    printf '%s\n' "$banner"
    service ossec status
}

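## function to force syscheck/rootcheck scan
function ossec_re_scan {
    echo "forcing syscheck/rootcheck re-scan"
    echo
    # -r requests a syscheck/rootcheck run, -u 000 targets the manager's own
    # agent entry.  Quoted so a space in OSSEC_HOME cannot split the command.
    "${AGENT_CONTROL}" -r -u 000
}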

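## function to send email report of modified files since last update
# Globals read: SYSCHECK_CONTROL, hostname, default_email.
# Exits the script with 0 when there is nothing to report (as before);
# returns 1 if syscheck_control or mail fails.
function email_report {
    local tmp
    # mktemp creates an unpredictable, exclusively-owned file.  The previous
    # fixed name /tmp/ossec-report-$$ in the shared /tmp was a pre-creation /
    # symlink hazard for a script that normally runs as root.
    tmp=$(mktemp) || return 1

    if ! "${SYSCHECK_CONTROL}" -i 000 > "$tmp"; then
        echo "Error: ${SYSCHECK_CONTROL} failed; report not sent" >&2
        rm -f -- "$tmp"
        return 1
    fi

    if grep -q 'No entries found' "$tmp"; then
        echo "No modified files since last database update; Not sending report to root mail"
        # Clean up before leaving; the original exited here and left the
        # temp file behind.  This still ends the whole script, so any action
        # dispatched after -e is skipped in that case (behaviour kept).
        rm -f -- "$tmp"
        exit 0
    fi

    if mail -s "OSSEC Daily Report (${hostname})" "${default_email}" < "$tmp"; then
        echo "Report sent to root mail successfully"
    else
        echo "Error: sending report to ${default_email} failed" >&2
        rm -f -- "$tmp"
        return 1
    fi

    rm -f -- "$tmp"
}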

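## function to update syscheck database and restart ossec service.
# Globals read: choice (set by --confirm), SYSCHECK_CONTROL.
# Destructive: per the POD below, the syscheck database is deleted and
# rebuilt by a fresh scan after the restart, hence the explicit confirmation.
function update_database {
    if [[ "$choice" != "yes" ]]; then
        echo "Not updating syscheck database"
        echo "To confirm update, you need to add --confirm argument along with -u/--update argument"
        return 0
    fi

    # Do not restart the service if the database update itself failed.
    if ! "${SYSCHECK_CONTROL}" -u 000; then
        echo "Error: syscheck database update failed; not restarting ossec" >&2
        return 1
    fi

    # Fixed pause before the restart — presumably to let syscheck_control
    # finish writing; the original gives no rationale.
    sleep 5

    echo "restarting ossec service"
    service ossec restart
}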

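## MAIN ##

# Abort early if the syscheck_control binary is missing: the list, update
# and report actions all depend on it.  Diagnostics go to stderr so they are
# not mistaken for report output when stdout is captured.
if [[ ! -f "${SYSCHECK_CONTROL}" ]]; then
    echo "Error: missing syscheck_control executable, Check ossec package got installed or not??" >&2
    exit 1
fi

# Requested actions run in this fixed order, independent of the order the
# flags were given.  Note that email_report exits the script when there is
# nothing to report, so actions listed after it are skipped in that case.
if [[ ${update} == "1" ]]; then
    update_database
fi

if [[ ${report} == "1" ]]; then
    email_report
fi

if [[ ${restart} == "1" ]]; then
    ossec_restart
fi

if [[ ${logs} == "1" ]]; then
    show_logs
fi

if [[ ${config} == "1" ]]; then
    show_config
fi

if [[ ${re_scan} == "1" ]]; then
    ossec_re_scan
fi

if [[ ${status} == "1" ]]; then
    ossec_status
fi

if [[ ${list} == "1" ]]; then
    list_modified_files
fi

exit 0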


##############################################################################
# Documentation.  Use a hack to hide this from the shell.  Because of the
# above exit line, this should never be executed.
#############################################################################
DOCS=<<__END_OF_DOCS__

=head1

=head1 NAME

ossec-syscheck: Wrapper script around ossec "syscheck_control" and "agent_control" commands.

=head1 SYNOPSIS

ossec-syscheck -h

=head1 DESCRIPTION

This is a wrapper shell script around the ossec "syscheck_control" and "agent_control" commands
that performs the following tasks:

        - list all modified files since the database was last reset
        - update the Syscheck database
        - force syscheck/rootcheck re-scan
        - ossec config and logs
        - restart ossec service
        - check ossec service status
        - send report of modified files to root mail


agent_control    - allows you to query the manager for information about any agent and also allows
                   you to initiate a syscheck/rootcheck scan on an agent the next time it checks in.

syscheck_control - provides an interface for managing and viewing the integrity checking database.

=head1 OPTIONS

=over 8

=item -h | --help

a short usage message. Short circuits all other processing (optional).

=item -l | --list

lists modified files since last update.

=item -c | --config

shows ossec configuration file (/var/ossec/etc/ossec.conf).

=item -r | --re-scan

forces syscheck/rootcheck re-scan

=item -s | --service-status

shows ossec service status

=item -S | --service-restart

restarts ossec service

=item -L | --logs

shows ossec logs (/var/ossec/logs/ossec.log)

=item -e | --email-report

sends output of the --list command to root mail

=item -u | --update

update syscheck database; this deletes the database and restarts the ossec service
which triggers a fresh scan (this option requires the --confirm argument along with
-u/--update to update the database)

=item -m | --manual

This documentation.

=back

=head1 EXAMPLES

show all files that have changed since the database was last reset:

     ossec-syscheck --list

reset the database (useful after patching):

     ossec-syscheck --update --confirm

show the last 100 lines of the ossec log files

     ossec-syscheck --logs | tail -n 100

show ossec config

     ossec-syscheck --config | less

=head1 AUTHOR

Srinivas Rao Puttagunta <psr123@stanford.edu>

=cut

#############################################################################
#############################################################################

__END_OF_DOCS__
