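"""
Command-builder module for managing Lynis (security auditing tool) on a Linux VPS.

Each function returns a bash command string; nothing is executed here. The
commands call apt-get and write under /etc/cron.d and /var/log, so they need
root on the target. The returned strings are raw shell text: the two
functions that accept arguments normalise them before interpolation, and
callers should not splice further untrusted text into the results.
"""

_REPORT_PATH = "/var/log/lynis-report.dat"
_DEFAULT_SCHEDULE = "weekly"


def _report_field_cmd(key_regex, replacement, fallback, limit=None):
    """Build a pipeline that prints the values of one report key, or *fallback*.

    Args:
        key_regex: Regex for the key name, without the leading ``^`` or the
            trailing ``=`` (both are added here).
        replacement: Text that replaces ``key=`` on each matching line.
        fallback: Message echoed when the pipeline produces no output.
        limit: Optional maximum number of matching lines to keep.

    The trailing ``grep .`` is what makes the fallback reachable: a pipeline's
    exit status is that of its last command, and sed exits 0 even when it
    receives no input, so ``grep | sed || echo`` never reaches the echo when
    the report is missing or the key is absent.
    """
    head = "" if limit is None else f" | head -{limit}"
    return (
        f"grep -E '^{key_regex}=' {_REPORT_PATH} 2>/dev/null{head}"
        f" | sed 's/{key_regex}=/{replacement}/'"
        f" | grep . || echo '{fallback}'"
    )


def status_cmd():
    """Check if Lynis is installed, show version and update info."""
    return (
        "echo '=== Lynis Status ===' && "
        "if command -v lynis >/dev/null 2>&1; then "
        "echo 'Installed: yes' && lynis --version && echo '--- Update Info ---' && lynis update info; "
        "else echo 'Installed: no'; fi"
    )


def install_cmd():
    """Install Lynis via apt."""
    return "apt-get update && apt-get install -y lynis"


def audit_full_cmd():
    """Run a full Lynis system audit with no colors, capturing full output."""
    return "lynis audit system --no-colors"


def audit_quick_cmd():
    """Run a quick Lynis system audit with no colors, show last 80 lines."""
    # The exit status of this pipeline is tail's, so a failed audit is not
    # visible to the caller through the return code.
    return "lynis audit system --quick --no-colors | tail -n 80"


def show_report_cmd():
    """Print warnings, the first 20 suggestions and the hardening index.

    Each section sits in its own ``{ ...; }`` group so that its fallback
    message belongs to that section only, whatever the outcome of the others.
    """
    sections = (
        ("--- Warnings ---",
         _report_field_cmd(r"warning\[\]", "", "No warnings found")),
        ("--- Suggestions ---",
         _report_field_cmd(r"suggestion\[\]", "", "No suggestions found", limit=20)),
        ("--- Hardening Index ---",
         _report_field_cmd("hardening_index", "Score: ", "No hardening index found")),
    )
    parts = ["echo '=== Lynis Report Key Findings ==='"]
    for heading, pipeline in sections:
        parts.append(f"echo '{heading}'")
        parts.append("{ " + pipeline + "; }")
    return " && ".join(parts)


def show_warnings_cmd():
    """Grep warnings from the Lynis report."""
    return _report_field_cmd(r"warning\[\]", "", "No warnings found")


def show_suggestions_cmd():
    """Grep suggestions from the Lynis report."""
    return _report_field_cmd(r"suggestion\[\]", "", "No suggestions found")


def hardening_index_cmd():
    """Extract the hardening index score from the Lynis report."""
    return _report_field_cmd(
        "hardening_index", "Hardening Index: ", "No hardening index found"
    )


def log_cmd(lines=100):
    """View the last N lines of the Lynis log.

    Args:
        lines: Line count; anything ``int()`` accepts.

    Raises:
        ValueError: If *lines* is not an integer value. The count is placed
            in a shell command, so it is emitted as a parsed integer and
            never as the caller's original text.
    """
    try:
        count = int(lines)
    except (TypeError, ValueError, OverflowError):
        raise ValueError(f"lines must be an integer, got {lines!r}") from None
    return f"tail -n {count} /var/log/lynis.log"


def schedule_cmd(schedule="weekly"):
    """Create a cron job for scheduled Lynis audits.

    Args:
        schedule: ``"daily"``, ``"weekly"`` or ``"monthly"``. Any other value
            falls back to weekly, and the confirmation message then says
            weekly as well, so the caller's text never reaches the shell.
    """
    cron_schedules = {
        "daily": "0 3 * * *",
        "weekly": "0 3 * * 0",
        "monthly": "0 3 1 * *",
    }
    # Only a known key is interpolated below; the raw argument is dropped.
    chosen = schedule if schedule in cron_schedules else _DEFAULT_SCHEDULE
    cron_time = cron_schedules[chosen]
    # NOTE(review): jobs in /etc/cron.d run with cron's own PATH; confirm that
    # `lynis` resolves there, or switch to its absolute path.
    # NOTE(review): the redirect creates /var/log/lynis-scheduled.log with the
    # job's umask; confirm the file is not world-readable, since audit output
    # describes the host's weak points.
    cron_line = (
        f"{cron_time} root lynis audit system --no-colors --quick"
        " > /var/log/lynis-scheduled.log 2>&1"
    )
    return (
        f"echo '{cron_line}' > /etc/cron.d/lynis-audit && "
        "chmod 644 /etc/cron.d/lynis-audit && "
        f"echo 'Lynis {chosen} audit scheduled'"
    )


def schedule_status_cmd():
    """Check if a scheduled Lynis audit cron job exists."""
    return "cat /etc/cron.d/lynis-audit 2>/dev/null || echo 'No scheduled Lynis audit found'"


def schedule_remove_cmd():
    """Remove the scheduled Lynis audit cron job."""
    return "rm -f /etc/cron.d/lynis-audit && echo 'Lynis scheduled audit removed'"


def uninstall_cmd():
    """Uninstall Lynis via apt."""
    return "apt-get remove -y lynis && apt-get autoremove -y"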