#!/bin/bash
# ------------------------- CONFIGURATION starts here -------------------------
# location of the HC scripts
HC_DIR="/opt/hc"
# location of the HC configuration files
HC_ETC_DIR="/etc/opt/hc"
# location of the HC log/state files
HC_VAR_DIR="/var/opt/hc"
# location of check_health.sh
HC_BIN="/opt/hc/bin/check_health.sh"
PATH="$PATH:/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin"
# ------------------------- CONFIGURATION ends here ---------------------------
echo "INFO: starting post-install script ..."
# debian: reset ownerships & permissions
chown -R root:root /opt/hc /etc/opt/hc 2>/dev/null
chown root:root /etc/logrotate.d/check_health 2>/dev/null
chmod 644 /etc/logrotate.d/check_health 2>/dev/null
# copy configuration files
if [[ -f ${HC_ETC_DIR}/core/check_health.conf.dist ]]
then
    if [[ ! -f ${HC_ETC_DIR}/core/check_health.conf ]]
    then
        # copy main configuration file
        cp -p ${HC_ETC_DIR}/core/check_health.conf.dist ${HC_ETC_DIR}/core/check_health.conf >/dev/null
        (( $? == 0 )) || \
        {
            echo "ERROR: could not copy main config file in ${HC_ETC_DIR}/core"
            exit 1
        }
    fi
else
    echo "WARN: could not check_health config .dist file in ${HC_ETC_DIR}/core"
fi
if [[ -f ${HC_ETC_DIR}/check_host.conf.dist ]]
then
    if [[ ! -f ${HC_ETC_DIR}/check_host.conf ]]
    then
        # copy host check configuration file
        cp -p ${HC_ETC_DIR}/check_host.conf.dist ${HC_ETC_DIR}/check_host.conf >/dev/null
        (( $? == 0 )) || \
        {
            echo "ERROR: could not copy host check config file in ${HC_ETC_DIR}"
            exit 1
        }
    fi
else
    echo "WARN: could not find check_host config .dist file in ${HC_ETC_DIR}"
fi
# refresh symbolic FPATH links for core includes & plugins
if [[ -x ${HC_BIN} ]]
then
    ${HC_BIN} --fix-symlinks || echo "WARN: updating symlinks failed"
else
    echo "ERROR: could not locate or excute the HC main script (${HC_BIN})"
fi
# set SELinux contexts for logrotate
SESTATUS_BIN=$(command -v sestatus 2>/dev/null)
if [[ -n "${SESTATUS_BIN}" ]]
then
    IS_ENFORCING=$(${SESTATUS_BIN} | grep -c "Current mode.*enforcing" 2>/dev/null)
    if (( IS_ENFORCING > 0 ))
    then
        SEMANAGE_BIN=$(command -v semanage 2>/dev/null)
        if [[ -n "${SEMANAGE_BIN}" ]]
        then
            ${SEMANAGE_BIN} fcontext -a -t var_log_t "${HC_VAR_DIR}(/check_health\.sh\.log.*)?"
            echo "INFO: SELinux fcontexts configured for log rotation"
            if [[ -d ${HC_VAR_DIR} ]]
            then
                RESTORECON_BIN=$(command -v restorecon 2>/dev/null)
                if [[ -n "${RESTORECON_BIN}" ]]
                then
                    ${RESTORECON_BIN} -Frv ${HC_VAR_DIR}
                    echo "INFO: SELinux fcontexts set on ${HC_VAR_DIR} for log rotation"
                else
                    echo "WARN: SELinux is set to 'enforcing' but could not found 'restorecon' to set fcontexts for log rotation"
                fi
            fi
        else
            echo "WARN: SELinux is set to 'enforcing' but could not found 'semanage' to set fcontexts for log rotation"
        fi
    fi
fi
echo "INFO: finished post-install script"