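"""
Command-builder module for managing OSSEC HIDS on a Linux VPS.

Each function returns a bash command string; nothing is executed here.
OSSEC installs to /var/ossec.

Caller-supplied values (line counts, config content, checksums) are
validated or shell-quoted before they are placed in a command, because the
resulting strings touch /var/ossec, apt-get and userdel and are therefore
expected to run with elevated privileges.
"""

import shlex


def _line_count(lines):
    """Return *lines* as a non-negative int, or raise ValueError.

    The value ends up inside a shell command, so anything that is not a
    plain integer (for example a string carrying shell metacharacters) is
    rejected instead of being interpolated.
    """
    try:
        count = int(lines)
    except (TypeError, ValueError, OverflowError):
        raise ValueError(f"lines must be an integer, got {lines!r}") from None
    if count < 0:
        raise ValueError(f"lines must not be negative, got {count}")
    return count


def status_cmd():
    """Return a command that prints OSSEC status, version and processes.

    The sections are separated with ';' rather than '&&' so that a non-zero
    exit from `ossec-control status` does not suppress the version header
    or fall straight through to the `cat` fallback.
    """
    return (
        "echo '=== OSSEC Status ==='; "
        "/var/ossec/bin/ossec-control status; "
        "echo; echo '=== OSSEC Version ==='; "
        "/var/ossec/bin/ossec-control info 2>/dev/null || "
        "cat /var/ossec/etc/ossec-init.conf 2>/dev/null || echo 'Version unknown'; "
        "echo; echo '=== Active Processes ==='; "
        # The bracket keeps grep from matching its own process entry.
        "ps aux | grep '[o]ssec'"
    )


def install_cmd(sha256=None):
    """Return a command that builds and installs OSSEC 3.7.0 from source.

    Args:
        sha256: Optional expected SHA-256 hex digest of the release tarball.
            When given, the download is checked with `sha256sum -c` before
            it is unpacked and install.sh is run.

    Raises:
        ValueError: If *sha256* is not a 64-character hex string.

    Without *sha256* the tarball is trusted on TLS alone; pass a digest
    obtained out of band whenever possible.

    NOTE(review): confirm that install.sh reads the OSSEC_* variables set
    below; upstream documents unattended installs through
    etc/preloaded-vars.conf (USER_* settings).
    """
    tarball = "ossec-hids-3.7.0.tar.gz"
    verify = ""
    if sha256 is not None:
        digest = str(sha256).strip().lower()
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError("sha256 must be a 64-character hex digest")
        # Two spaces between digest and name is the sha256sum check format.
        verify = f"echo '{digest}  {tarball}' | sha256sum -c - && "
    return (
        "apt-get update && "
        "apt-get install -y build-essential make gcc libevent-dev libpcre2-dev libz-dev libssl-dev && "
        # Build in a fresh private directory instead of a predictable path
        # directly under the world-writable /tmp.
        "workdir=\"$(mktemp -d)\" && cd \"$workdir\" && "
        f"wget -O {tarball} https://github.com/ossec/ossec-hids/archive/refs/tags/3.7.0.tar.gz && "
        f"{verify}"
        f"tar xzf {tarball} && "
        "cd ossec-hids-3.7.0 && "
        "OSSEC_LANGUAGE=en OSSEC_TYPE=local OSSEC_NOTIFY=n OSSEC_SYSCHECK=y "
        "OSSEC_ROOTCHECK=y OSSEC_ACTIVE_RESPONSE=y ./install.sh && "
        "/var/ossec/bin/ossec-control start && "
        "echo 'OSSEC 3.7.0 installed and started.'"
    )


def start_cmd():
    """Return the command that starts OSSEC."""
    return "/var/ossec/bin/ossec-control start"


def stop_cmd():
    """Return the command that stops OSSEC."""
    return "/var/ossec/bin/ossec-control stop"


def restart_cmd():
    """Return the command that restarts OSSEC."""
    return "/var/ossec/bin/ossec-control restart"


def alerts_cmd(lines=50):
    """Return a command that shows the last *lines* lines of alerts.log.

    Raises:
        ValueError: If *lines* is not a non-negative integer.
    """
    return f"tail -n {_line_count(lines)} /var/ossec/logs/alerts/alerts.log"


def alerts_today_cmd():
    """Return a command that greps alerts.log for today's date stamp."""
    return (
        "grep \"$(date +'%Y %b %d')\" /var/ossec/logs/alerts/alerts.log || "
        "echo 'No alerts for today.'"
    )


def log_cmd(lines=50):
    """Return a command that shows the last *lines* lines of ossec.log.

    Raises:
        ValueError: If *lines* is not a non-negative integer.
    """
    return f"tail -n {_line_count(lines)} /var/ossec/logs/ossec.log"


def syscheck_cmd():
    """Return a command that lists the syscheck queue and tails each file."""
    return (
        "echo '=== Syscheck Results ===' && "
        "ls -la /var/ossec/queue/syscheck/ && "
        "echo && echo '=== Recent Integrity Changes ===' && "
        "for f in /var/ossec/queue/syscheck/*; do "
        "echo \"--- $f ---\" && tail -20 \"$f\" 2>/dev/null; done"
    )


def config_cmd():
    """Return a command that prints ossec.conf."""
    return "cat /var/ossec/etc/ossec.conf"


def config_save_cmd(content):
    """Return a command that backs up ossec.conf, replaces it and restarts.

    Args:
        content: New text for /var/ossec/etc/ossec.conf.

    The content is quoted with shlex.quote and written with printf rather
    than echo: echo treats a leading "-n"/"-e" as an option and, in some
    shells, expands backslash escapes, either of which would alter the
    file that gets written. A trailing newline is appended, as before.
    """
    return (
        "cp /var/ossec/etc/ossec.conf /var/ossec/etc/ossec.conf.bak.$(date +%Y%m%d%H%M%S) && "
        f"printf '%s\\n' {shlex.quote(content)} > /var/ossec/etc/ossec.conf && "
        "/var/ossec/bin/ossec-control restart && "
        "echo 'Config saved and OSSEC restarted.'"
    )


def rules_cmd():
    """Return a command that lists the XML rule files."""
    return "ls -la /var/ossec/rules/*.xml"


def active_response_cmd():
    """Return a command that shows active-response config and recent blocks.

    The log is read with tail directly: in `cat ... | tail ... || echo ...`
    the pipeline's status is tail's, so the "no log" fallback never ran.
    """
    return (
        "echo '=== Active Response Config ==='; "
        # An empty pattern matches every line and dumps the whole file.
        # NOTE(review): '<active-response>' is the ossec.conf element this
        # section is named after; confirm it is the intended pattern.
        "grep -A5 '<active-response>' /var/ossec/etc/ossec.conf || "
        "echo 'No active-response blocks found.'; "
        "echo; echo '=== Recent Blocks ==='; "
        "tail -n 30 /var/ossec/logs/active-responses.log 2>/dev/null || "
        "echo 'No active response log found.'"
    )


def agent_list_cmd():
    """Return the command that lists agents via agent_control."""
    return "/var/ossec/bin/agent_control -l"


def uninstall_cmd():
    """Return a command that stops OSSEC and removes its files and accounts.

    Errors from the stop and from userdel/groupdel are discarded, so
    accounts that are already absent do not abort the sequence.
    """
    return (
        "/var/ossec/bin/ossec-control stop 2>/dev/null; "
        "rm -rf /var/ossec && "
        "userdel ossec 2>/dev/null; "
        "userdel ossecm 2>/dev/null; "
        "userdel ossecr 2>/dev/null; "
        "userdel ossece 2>/dev/null; "
        "groupdel ossec 2>/dev/null; "
        "echo 'OSSEC uninstalled.'"
    )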