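# rkhunter rootkit detection management commands
# Each function returns a bash command string that app.py executes via ssh_run()
#
# The returned strings are run verbatim on the remote host (as a user able to
# apt-get and write /etc/rkhunter.conf), so every caller-supplied value that is
# interpolated into a command (log_cmd, whitelist_add_cmd, schedule_cmd) is
# validated and shell-quoted here rather than trusted as-is.

import shlex

# Cron expressions per supported schedule name; any other name falls back to daily.
_CRON_TIMES = {
    "daily": "0 4 * * *",
    "weekly": "0 4 * * 0",
}

# Trailing comment used to find and replace our own crontab line.
_CRON_MARKER = "setec-rkhunter"


def status_cmd():
    """Return bash cmd to check rkhunter install, version, and last run results.

    Shell notes: ``&&`` and ``||`` have equal precedence and associate left to
    right, so each ``|| echo ...`` fallback guards only the command directly
    before it. ``tail``/``awk`` exit 0 even on empty input, which is why the
    warnings grep is piped through ``grep .`` before its fallback message.
    """
    return (
        "echo '=== rkhunter Installation ===' && "
        # dpkg-query exits non-zero for an unknown package, unlike a
        # `dpkg -l | grep | awk` pipeline whose status is awk's (always 0);
        # printing ${Status} also distinguishes an installed package from one
        # that was removed with its config left behind.
        "dpkg-query -W -f='${Package} ${Version} (${Status})\\n' rkhunter 2>/dev/null "
        "|| echo 'rkhunter not installed' && "
        "echo '' && echo '=== Version ===' && "
        "rkhunter --version 2>/dev/null || echo 'rkhunter not found' && "
        "echo '' && echo '=== Last Run ===' && "
        "if [ -f /var/log/rkhunter.log ]; then "
        "  grep 'Start date' /var/log/rkhunter.log | tail -1; "
        "  grep 'End date' /var/log/rkhunter.log | tail -1; "
        "  echo '' && echo '=== Last Results ===' && "
        "  grep -E '\\[Warning\\]|\\[Bad\\]|\\[Not found\\]' /var/log/rkhunter.log "
        "| tail -20 | grep . || echo 'No warnings found in last run'; "
        "else "
        "  echo 'No log file found (rkhunter has not been run)'; "
        "fi"
    )


def install_cmd():
    """Return bash cmd to install rkhunter, update db, and set file properties.

    ``rkhunter --update`` is followed by ``;`` rather than ``&&`` so a failed
    or unavailable signature update (e.g. no outbound network) does not stop
    the baseline from being taken. Note that ``--propupd`` records the
    *current* properties of the monitored files as the trusted baseline, so
    this should be run on a host that is believed to be clean.
    """
    return (
        "DEBIAN_FRONTEND=noninteractive apt-get update -qq && "
        "DEBIAN_FRONTEND=noninteractive apt-get install -y rkhunter 2>&1 && "
        "rkhunter --update 2>&1; "
        "rkhunter --propupd 2>&1 && "
        "echo 'rkhunter installed, database updated, file properties set'"
    )


def update_cmd():
    """Return bash cmd to update rkhunter signatures and file properties.

    As in install_cmd, the signature update is best-effort (``;``) and the
    ``--propupd`` step re-baselines every monitored file, not just changed
    ones: any file already modified on the host becomes "known good". Run a
    check first if the host has not been scanned recently.
    """
    return (
        "echo '=== Updating Signatures ===' && "
        "rkhunter --update 2>&1; "
        "echo '' && echo '=== Updating File Properties ===' && "
        "rkhunter --propupd 2>&1 && "
        "echo '' && echo 'rkhunter signatures and file properties updated'"
    )


def check_cmd():
    """Return bash cmd for a full rkhunter scan (warnings only).

    The scan is terminated with ``;`` so the ``Finished`` line is printed
    even when rkhunter exits non-zero (which it appears to do whenever it
    reports warnings).
    """
    return (
        "echo '=== rkhunter Full Scan ===' && "
        "echo 'Started: '$(date) && "
        "rkhunter --check --skip-keypress --report-warnings-only 2>&1; "
        "echo 'Finished: '$(date)"
    )


def check_quick_cmd():
    """Return bash cmd for a quick rkhunter check on key areas.

    Restricts the run to the ``system_commands``, ``rootkits`` and ``network``
    test groups; see check_cmd for the full scan.
    """
    return (
        "echo '=== rkhunter Quick Check ===' && "
        "echo 'Started: '$(date) && "
        "rkhunter --check --skip-keypress --report-warnings-only "
        "--enable system_commands,rootkits,network 2>&1; "
        "echo 'Finished: '$(date)"
    )


def log_cmd(lines=50):
    """Return bash cmd to view the last *lines* lines of the rkhunter log.

    Args:
        lines: number of lines to show. Coerced with ``int()`` and must be
            positive; it is the only value interpolated into the command,
            so it is never passed through as raw text.

    Raises:
        ValueError: if *lines* is not a positive integer (or numeric string).
    """
    count = int(lines)
    if count <= 0:
        raise ValueError(f"lines must be a positive integer, got {lines!r}")
    return (
        "echo '=== rkhunter Log ===' && "
        f"tail -n {count} /var/log/rkhunter.log 2>/dev/null || echo 'No rkhunter log found'"
    )


def config_cmd():
    """Return bash cmd to show rkhunter config and key settings.

    Dumps the whole of /etc/rkhunter.conf and then the subset of directives
    most relevant to scan coverage (enabled/disabled tests, whitelists,
    update mirrors, mail on warning).
    """
    return (
        "echo '=== rkhunter.conf ===' && "
        "cat /etc/rkhunter.conf 2>/dev/null || echo 'Not found' && "
        "echo '' && echo '=== Key Settings ===' && "
        "grep -E '^(ALLOW_SSH_ROOT_USER|ALLOW_SSH_PROT_V1|ENABLE_TESTS|DISABLE_TESTS|"
        "SCRIPTWHITELIST|ALLOWHIDDENDIR|ALLOWHIDDENFILE|ALLOWDEVFILE|"
        "WEB_CMD|UPDATE_MIRRORS|MIRRORS_MODE|MAIL-ON-WARNING)' "
        "/etc/rkhunter.conf 2>/dev/null || echo 'Could not read config'"
    )


def whitelist_cmd():
    """Return bash cmd to show current whitelisted items from config.

    Only uncommented directives (anchored with ``^``) are listed; ``grep``
    exits 1 when nothing matches, which triggers the fallback message.
    """
    return (
        "echo '=== rkhunter Whitelisted Items ===' && "
        "grep -E '^(SCRIPTWHITELIST|ALLOWHIDDENDIR|ALLOWHIDDENFILE|ALLOWDEVFILE|"
        "ALLOW_SSH_ROOT_USER|RTKT_FILE_WHITELIST|RTKT_DIR_WHITELIST|"
        "SHARED_LIB_WHITELIST|PORT_WHITELIST|EXISTWHITELIST)' "
        "/etc/rkhunter.conf 2>/dev/null || echo 'No whitelist entries found or config not found'"
    )


def whitelist_add_cmd(item):
    """Return bash cmd to add a SCRIPTWHITELIST entry to rkhunter.conf.

    Args:
        item: absolute path of the script to whitelist. It must start with
            ``/`` and contain no whitespace or control characters; the value
            is then shell-quoted with ``shlex.quote`` so it cannot break out
            of the command line it is embedded in.

    Raises:
        ValueError: if *item* is not a usable absolute path.

    The entry is matched and written as a literal line (``grep -xF`` /
    ``printf``), not as a regex, so ``.`` or ``+`` in the path are not
    special. The trailing ``rkhunter --propupd`` re-records the properties
    of every monitored file, not just the new entry.
    """
    if not isinstance(item, str) or not item.startswith("/"):
        raise ValueError(f"whitelist item must be an absolute path, got {item!r}")
    if any(ch.isspace() or not ch.isprintable() for ch in item):
        raise ValueError("whitelist item must not contain whitespace or control characters")
    quoted = shlex.quote(item)
    # Adjacent shell words concatenate: 'SCRIPTWHITELIST=' + quoted path.
    line = f"'SCRIPTWHITELIST='{quoted}"
    return (
        f"if grep -qxF -e {line} /etc/rkhunter.conf 2>/dev/null; then "
        f"  echo 'Already whitelisted: '{quoted}; "
        "else "
        f"  printf 'SCRIPTWHITELIST=%s\\n' {quoted} >> /etc/rkhunter.conf && "
        f"  echo 'Added SCRIPTWHITELIST='{quoted}' to /etc/rkhunter.conf' && "
        "  rkhunter --propupd 2>&1; "
        "fi"
    )


def schedule_cmd(schedule="daily"):
    """Return bash cmd to set up a cron job for scheduled rkhunter scanning.

    Args:
        schedule: ``"daily"`` (04:00 every day) or ``"weekly"`` (04:00 on
            Sunday). Any other value falls back to daily; the confirmation
            message names the schedule actually installed instead of echoing
            the caller's raw string, so no caller-supplied text reaches the
            shell.

    Existing crontab lines carrying the marker comment are dropped before the
    new line is appended, so calling this again replaces the entry rather
    than duplicating it.
    """
    effective = schedule if isinstance(schedule, str) and schedule in _CRON_TIMES else "daily"
    cron_time = _CRON_TIMES[effective]
    return (
        f"(crontab -l 2>/dev/null | grep -v '{_CRON_MARKER}'; "
        f"echo '{cron_time} rkhunter --check --skip-keypress --report-warnings-only "
        f"--logfile /var/log/rkhunter.log # {_CRON_MARKER}') | crontab - 2>&1 && "
        f"echo 'Scheduled {effective} rkhunter scan' && "
        f"crontab -l | grep {_CRON_MARKER}"
    )


def schedule_status_cmd():
    """Return bash cmd to show current rkhunter scan schedule."""
    return (
        "echo '=== rkhunter Scan Schedule ===' && "
        f"crontab -l 2>/dev/null | grep {_CRON_MARKER} || echo 'No scheduled rkhunter scan'"
    )


def schedule_remove_cmd():
    """Return bash cmd to remove scheduled rkhunter scan.

    Rewrites the crontab without our marked line; if that was the only
    entry, an empty crontab is installed.
    """
    return (
        f"(crontab -l 2>/dev/null | grep -v '{_CRON_MARKER}') | crontab - 2>&1 && "
        "echo 'Scheduled rkhunter scan removed'"
    )


def uninstall_cmd():
    """Return bash cmd to remove rkhunter (purging its config) and autoremove deps."""
    return (
        "DEBIAN_FRONTEND=noninteractive apt-get remove --purge -y rkhunter 2>&1 && "
        "apt-get autoremove -y 2>&1 && "
        "echo 'rkhunter uninstalled'"
    )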