#!/bin/sh
#
# Script to get package list from servers
#

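set -e

# API endpoint. NOTE(review): the upload at the end of this script uses
# "curl -u" (HTTP basic auth). With a plain http:// URL the credentials and the
# package inventory travel unencrypted, so keep http:// for loopback only and
# use https:// when the API is on another host.
IVULNCHECK_API_URL=http://127.0.0.1/ivulncheck_api
# Working directory for the generated package list and the API response.
IVULNCHECK_PATH=/root/ivulncheck_agent

IVULNCHECK_API_USERNAME=ivulncheck_agent
# The API password is kept out of the script and read from a separate file.
# NOTE(review): that file should be readable only by the account running the
# agent - confirm its ownership and mode on deployed hosts.
IVULNCHECK_API_PASSWORD_FILE=/etc/ivulncheck/ivulncheck-agent
# Report a missing or unreadable credentials file through syslog, like every
# other fatal error in this script, instead of dying on cat's stderr message.
if [ ! -r "${IVULNCHECK_API_PASSWORD_FILE}" ] ; then
    echo "Could not read API password file ${IVULNCHECK_API_PASSWORD_FILE}" | logger -p syslog.err --tag "Ivulncheck-Agent"
    exit 1
fi
IVULNCHECK_API_PASSWORD=$(cat "${IVULNCHECK_API_PASSWORD_FILE}")
# An empty password would otherwise be sent to the API as-is.
if [ -z "${IVULNCHECK_API_PASSWORD}" ] ; then
    echo "API password file ${IVULNCHECK_API_PASSWORD_FILE} is empty" | logger -p syslog.err --tag "Ivulncheck-Agent"
    exit 1
fi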

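# Delay execution by a random number of seconds so that agents started at the
# same time do not all contact the API at once.
## Upper bound (exclusive) of the delay, in seconds
MAX_DELAY=3600
## Derive the delay from the CRC of 512 random bytes. This is scheduling
## jitter only, not a security-sensitive random value. dd's transfer
## statistics go to /dev/null so that only the random bytes are checksummed.
DELAY=$(( $(dd if=/dev/urandom bs=512 count=1 2>/dev/null | cksum | cut -d' ' -f1) % ${MAX_DELAY} ))

## Waiting
echo "Waiting ${DELAY} sec before executing ivulncheck_agent" | logger -p syslog.err --tag "Ivulncheck-Agent"
sleep "${DELAY}"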

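# Make sure the working directory exists.
# mkdir is run directly: wrapping it in $( ) would try to execute its output
# as a command. Testing with -d (not -e) makes a stray regular file at this
# path fail here, in mkdir, rather than later when the package list is written.
# The directory will hold the host's full package inventory, so it is created
# private to the agent's account (-m applies only to a newly created final
# directory; an existing directory keeps its mode).
if [ ! -d "${IVULNCHECK_PATH}" ] ; then
    mkdir -p -m 700 -- "${IVULNCHECK_PATH}"
fi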

# Work out the OS family from the distribution marker files.
# Neither marker present: report through syslog and stop.
if [ ! -e /etc/debian_version ] && [ ! -e /etc/redhat-release ] ; then
    echo "Could not find OS_FAMILLY type" | logger -p syslog.err --tag "Ivulncheck-Agent"
    exit 1
fi

# At least one marker exists. "redhat" is detected but NOT SUPPORTED: only the
# debian family has its packages collected further down. The debian marker
# takes precedence when both files are present.
OS_FAMILLY="redhat"
if [ -e /etc/debian_version ] ; then
    OS_FAMILLY="debian"
fi

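## Detect OS
kernel_version=$(uname -v)
# Locate lsb_release. "command -v" is the POSIX lookup, and "|| true" keeps a
# missing binary from aborting the script under "set -e" before the fallback
# below gets a chance to install it.
LSB_RELEASE_PATH=$(command -v lsb_release || true)
if [ -z "${LSB_RELEASE_PATH}" ] ; then
    # Only the debian family has an install fallback.
    if [ "${OS_FAMILLY}" != "debian" ] ; then
        echo "lsb_release not available"  | logger -p syslog.err --tag "Ivulncheck-Agent"
        exit 1
    fi
    # Unattended package installation with the privileges of the agent.
    if ! apt-get install lsb-release -y ; then
        echo "Could not have lsb_release" | logger -p syslog.err --tag "Ivulncheck-Agent"
        exit 1
    fi
fi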

# Distribution facts reported to the API, all taken from lsb_release in short
# (-s) output mode.
OS_TYPE="$(lsb_release -i -s)"        # distributor id, e.g. Debian / Ubuntu
OS_SUITE_NAME="$(lsb_release -c -s)"  # codename, e.g. stretch / bionic
OS_VERSION="$(lsb_release -r -s)"     # release number, e.g. 9.4 / 18.04

# Short host name: the FQDN cut at its first dot.
HOSTNAME="$(hostname --fqdn | cut -d. -f1)"

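## Detect the IPv4 address to report for this host
# Preferred source: the first "inet" address of the interface that carries the
# default route (destination 00000000 in /proc/net/route). Fallback when the
# "ip" tool is absent: the output of "hostname -i". In both cases the value
# must look like a dotted-quad IPv4 address.
# "|| DEFROUTE_IP=" keeps a non-matching grep from ending the script silently
# under "set -e"; the failure is reported through syslog below instead.
if command -v ip >/dev/null 2>&1 ; then
    DEFROUTE_IF=$(awk '{ if ( $2 == "00000000" ) print $1 }' /proc/net/route | head -n 1)
    DEFROUTE_IP=$(LC_ALL=C ip addr show "${DEFROUTE_IF}" | grep inet | head -n 1 | awk '{print $2}' | cut -d/ -f1 | grep -E '^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$') || DEFROUTE_IP=""
else
    DEFROUTE_IP=$(hostname -i | grep -E '^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$') || DEFROUTE_IP=""
fi

# Same outcome as before (the run stops), but now with a syslog trace.
if [ -z "${DEFROUTE_IP}" ] ; then
    echo "Could not determine IPv4 address" | logger -p syslog.err --tag "Ivulncheck-Agent"
    exit 1
fi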

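# Escape a value for use inside a JSON string literal.
# Arguments: $1 - raw value
# Outputs:   the value with backslashes and double quotes backslash-escaped
#            (control characters are not handled)
json_escape() {
    printf '%s' "$1" | sed 's/[\\"]/\\&/g'
}

# Start the JSON document: host identification fields, then the opening of the
# "packages" array. Every value is passed as a quoted printf argument, so it is
# neither word-split nor glob-expanded by the shell, and it is escaped so that
# a stray quote or backslash cannot break the document structure.
printf '{"hostname": "%s", "ipv4": "%s", "osfamily": "%s", "ostype": "%s", "suitename": "%s", "osversion": "%s",\n' \
    "$(json_escape "${HOSTNAME}")" \
    "$(json_escape "${DEFROUTE_IP}")" \
    "$(json_escape "${OS_FAMILLY}")" \
    "$(json_escape "${OS_TYPE}")" \
    "$(json_escape "${OS_SUITE_NAME}")" \
    "$(json_escape "${OS_VERSION}")" >"${IVULNCHECK_PATH}/pkg_list.json"
printf '%s\n' '"packages" : [' >>"${IVULNCHECK_PATH}/pkg_list.json"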

# Kernel release up to the first dash.
kernel_release=$(uname -r | cut -d'-' -f1)

# Append one JSON object per installed dpkg package (binary and source name
# and version) to the package list. Only the debian family is handled.
case "${OS_FAMILLY}" in
    debian)
        dpkg-query --show --showformat='\t{"pkg_name": "${binary:Package}", "pkg_vers": "${Version}", "src_name": "${source:Package}", "src_vers": "${source:Version}"},\n' >>"${IVULNCHECK_PATH}/pkg_list.json"
        ;;
esac

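## You can add custom products to monitor here
#echo '    {"prod_name": "<product>", "prod_vers" :"<version>"},' >>"${IVULNCHECK_PATH}/pkg_list.json"

# Close the "packages" array and the JSON document. The commands are run
# directly: wrapping them in $( ) would try to execute their (empty) output.
printf '%s\n' '    ]' '}' >>"${IVULNCHECK_PATH}/pkg_list.json"

# The last array entry sits two lines above the end of the file (before the
# "    ]" and "}" lines). Drop its trailing comma so the array is valid JSON.
LAST_ENTRY_LINE=$(( $(wc -l <"${IVULNCHECK_PATH}/pkg_list.json") - 2 ))
sed -i "${LAST_ENTRY_LINE}s/,\$//" "${IVULNCHECK_PATH}/pkg_list.json"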

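# Quote a value for a double-quoted parameter in a curl config file.
# Arguments: $1 - raw value
# Outputs:   the value with backslashes and double quotes backslash-escaped
ivulncheck_curl_quote() {
    printf '%s' "$1" | sed 's/[\\"]/\\&/g'
}

# Upload the package list with HTTP basic auth.
# The credentials are handed to curl as a config line on stdin (-K -) rather
# than with "-u user:password": command-line arguments are visible to other
# local users through the process list. printf is a builtin in the common
# /bin/sh implementations (dash, bash, busybox), so the password does not
# appear on a command line there either.
# curl runs silently (-s), still reports errors (-S) and sends them to stdout
# (--stderr -) so they reach syslog through logger; -f treats HTTP errors as
# failures. The API response body is written to last_result.log.
printf 'user = "%s:%s"\n' \
    "$(ivulncheck_curl_quote "${IVULNCHECK_API_USERNAME}")" \
    "$(ivulncheck_curl_quote "${IVULNCHECK_API_PASSWORD}")" \
    | curl -K - -s -S --stderr - -f --connect-timeout 3 \
        --upload-file "${IVULNCHECK_PATH}/pkg_list.json" \
        -o "${IVULNCHECK_PATH}/last_result.log" \
        "${IVULNCHECK_API_URL}/insert/host" \
    | logger -p syslog.err --tag "Ivulncheck-Agent"

# Log the message returned by the ivulncheck API, then remove the file.
if [ -e "${IVULNCHECK_PATH}/last_result.log" ] ; then
    logger -p syslog.info --tag "Ivulncheck-Agent" <"${IVULNCHECK_PATH}/last_result.log"
    rm -- "${IVULNCHECK_PATH}/last_result.log"
fi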

