Initial commit — SETEC LABS Manager (Setec_CDM)

Flask-based VPS management panel with SSH remote command execution.
Includes E2E encrypted SSH tunnel (AES-256-GCM + Go agent), setup wizard,
security hardening tools, DNS management, firewall configs, monitoring,
backup, and .sec patch update system.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

setec-web/lynis.py

@@ -0,0 +1,98 @@
+"""
+Command-builder module for managing Lynis (security auditing tool) on a Linux VPS.
+Each function returns a bash command string.
+"""
+
+
+def status_cmd():
+    """Check if Lynis is installed, show version and update info."""
+    return (
+        "echo '=== Lynis Status ===' && "
+        "if command -v lynis >/dev/null 2>&1; then "
+        "echo 'Installed: yes' && lynis --version && echo '--- Update Info ---' && lynis update info; "
+        "else echo 'Installed: no'; fi"
+    )
+
+
+def install_cmd():
+    """Install Lynis via apt."""
+    return "apt-get update && apt-get install -y lynis"
+
+
+def audit_full_cmd():
+    """Run a full Lynis system audit with no colors, capturing full output."""
+    return "lynis audit system --no-colors"
+
+
+def audit_quick_cmd():
+    """Run a quick Lynis system audit with no colors, show last 80 lines."""
+    return "lynis audit system --quick --no-colors | tail -n 80"
+
+
+def show_report_cmd():
+    """Cat the Lynis report and parse key findings."""
+    return (
+        "echo '=== Lynis Report Key Findings ===' && "
+        "echo '--- Warnings ---' && "
+        "grep -E '^warning\\[\\]=' /var/log/lynis-report.dat 2>/dev/null | sed 's/warning\\[\\]=//' || echo 'No warnings found' && "
+        "echo '--- Suggestions ---' && "
+        "grep -E '^suggestion\\[\\]=' /var/log/lynis-report.dat 2>/dev/null | head -20 | sed 's/suggestion\\[\\]=//' || echo 'No suggestions found' && "
+        "echo '--- Hardening Index ---' && "
+        "grep -E '^hardening_index=' /var/log/lynis-report.dat 2>/dev/null | sed 's/hardening_index=/Score: /' || echo 'No hardening index found'"
+    )
+
+
+def show_warnings_cmd():
+    """Grep warnings from the Lynis report."""
+    return "grep -E '^warning\\[\\]=' /var/log/lynis-report.dat 2>/dev/null | sed 's/warning\\[\\]=//' || echo 'No warnings found'"
+
+
+def show_suggestions_cmd():
+    """Grep suggestions from the Lynis report."""
+    return "grep -E '^suggestion\\[\\]=' /var/log/lynis-report.dat 2>/dev/null | sed 's/suggestion\\[\\]=//' || echo 'No suggestions found'"
+
+
+def hardening_index_cmd():
+    """Extract the hardening index score from the Lynis report."""
+    return "grep -E '^hardening_index=' /var/log/lynis-report.dat 2>/dev/null | sed 's/hardening_index=/Hardening Index: /' || echo 'No hardening index found'"
+
+
+def log_cmd(lines=100):
+    """View the last N lines of the Lynis log."""
+    return f"tail -n {lines} /var/log/lynis.log"
+
+
+def profile_cmd():
+    """Show the default Lynis audit profile."""
+    return "cat /etc/lynis/default.prf"
+
+
+def schedule_cmd(schedule="weekly"):
+    """Create a cron job for scheduled Lynis audits."""
+    cron_schedules = {
+        "daily": "0 3 * * *",
+        "weekly": "0 3 * * 0",
+        "monthly": "0 3 1 * *",
+    }
+    cron_time = cron_schedules.get(schedule, cron_schedules["weekly"])
+    cron_line = f"{cron_time} root lynis audit system --no-colors --quick > /var/log/lynis-scheduled.log 2>&1"
+    return (
+        f"echo '{cron_line}' > /etc/cron.d/lynis-audit && "
+        "chmod 644 /etc/cron.d/lynis-audit && "
+        f"echo 'Lynis {schedule} audit scheduled'"
+    )
+
+
+def schedule_status_cmd():
+    """Check if a scheduled Lynis audit cron job exists."""
+    return "cat /etc/cron.d/lynis-audit 2>/dev/null || echo 'No scheduled Lynis audit found'"
+
+
+def schedule_remove_cmd():
+    """Remove the scheduled Lynis audit cron job."""
+    return "rm -f /etc/cron.d/lynis-audit && echo 'Lynis scheduled audit removed'"
+
+
+def uninstall_cmd():
+    """Uninstall Lynis via apt."""
+    return "apt-get remove -y lynis && apt-get autoremove -y"