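#!/bin/bash
# Rocky9 compatible
#
# PCAP TShark Install: installs the tooling the m2 pcap/tshark helpers need
# (Ruby, jq, mscgen, zstd/tcpdump/wireshark), copies the helper scripts into
# /usr/local/m2, installs the cron job and seeds /etc/m2/system.conf defaults.
#
# Expects from the sourced framework: k_start, k_exit, report, install_epel6,
# and the ROCKY9 / EXIT_CODE variables (none of them are defined here).
. /usr/src/m2/framework/bash_functions.sh

VERSION="1.1.3"
SCRIPT_NAME="PCAP TShark Install"

k_start

#######################################
# Ruby: Ruby 3 from yum on Rocky 9, RVM-managed Ruby 2 on CentOS 7.
#######################################
if [ "$ROCKY9" == "1" ]; then
  # Ruby 3 for Rocky 9
  if [ -e /usr/bin/ruby ]; then
    ver=$(ruby -v)
    report "Ruby already present: $ver" 0
  else
    yum -y install ruby
  fi
else
  # Ruby 2 for Centos 7
  if [[ ! -e /etc/profile.d/rvm.sh ]]; then
    # Ruby from yum on Centos 7 (2.0) should be good if already exists.
    # The pattern must be unquoted (or held in a variable) to act as a regex;
    # a quoted RHS of =~ is a literal match and never matches "ruby 2.x".
    ruby2_re='^ruby 2'
    if [[ -e /usr/bin/ruby && $(ruby -v) =~ $ruby2_re ]]; then
      :
    else
      report "Installing Ruby with RVM" 3
      /usr/src/k_framework/helpers/gui/rvm_install.sh
      /usr/src/k_framework/helpers/gui/ruby_install.sh
    fi
  fi
fi

#######################################
# jq is very old in repositories, download directly.
# NOTE(review): the binary is copied into /usr/local/sbin without any
# integrity check (no pinned checksum or signature); only its existence is
# verified below. Pin an expected sha256 and verify before installing.
#######################################
if [[ ! -e /usr/local/sbin/jq ]]; then
  cd /usr/src || exit
  rm -f jq-linux64
  wget https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64
  cp -f /usr/src/jq-linux64 /usr/local/sbin/jq
  chmod +x /usr/local/sbin/jq
  if [[ ! -e /usr/local/sbin/jq ]]; then
    report "Failed to install jq" 1
  else
    report "Jq has been installed" 0
  fi
fi

# install epel if not exist
install_epel6

#######################################
# mscgen
# http://www.mcternan.me.uk/mscgen/
# NOTE(review): fetched over plain HTTP with --no-check-certificate, so TLS
# validation is disabled if the server redirects to HTTPS, and the tarball is
# not integrity-checked before its binary lands in /usr/local/bin. Pin an
# expected sha256 for the archive and verify it before extracting.
#######################################
if [[ ! -e /usr/local/bin/mscgen ]]; then
  cd /usr/src || exit
  rm -f mscgen-static-0.20.tar.gz
  wget --no-check-certificate http://www.mcternan.me.uk/mscgen/software/mscgen-static-0.20.tar.gz
  tar xzf mscgen-static-0.20.tar.gz
  cp -f mscgen-0.20/bin/mscgen /usr/local/bin
  chmod +x /usr/local/bin/mscgen
  if [[ ! -e /usr/local/bin/mscgen ]]; then
    report "Failed to install mscgen" 1
  else
    report "mscgen has been installed" 0
  fi
fi

if [ ! -e /usr/bin/zstd ]; then
  yum install -y zstd
fi

# Substring match against the installed package list is deliberate: any
# package whose name contains the token (e.g. wireshark-cli) counts as present.
for package in zstd tcpdump wireshark; do
  if ! rpm -qa | grep -Fq -- "$package"; then
    yum -y install "$package"
  fi
done

#######################################
# Install the m2 pcap/tshark helper scripts.
#######################################
cd /usr/src/m2/helpers/m2_pcap_tshark || exit
mkdir -p /usr/local/m2

helper_scripts=(
  m2_pcap_tshark.sh
  m2_pcap_tshark_control.sh
  m2_pcap_tshark_find_suitable_pcaps.rb
  m2_pcap_tshark_reshuffle_files.rb
  m2_pcap_tshark_compress_wrapper.sh
  m2_pcap_wrapper.sh
)
for script in "${helper_scripts[@]}"; do
  cp -f "$script" /usr/local/m2
  chmod +x "/usr/local/m2/$script"
done

# An existing m2_pcap that is not a shell script is the old pcapsipdump
# binary: keep it as m2_pcapsipdump before the wrapper takes its place.
if [[ -e /usr/local/m2/m2_pcap ]] && ! file /usr/local/m2/m2_pcap | grep -Fq 'shell script'; then
  cp -af /usr/local/m2/m2_pcap /usr/local/m2/m2_pcapsipdump
fi
cp -af /usr/local/m2/m2_pcap_wrapper.sh /usr/local/m2/m2_pcap
chmod +x /usr/local/m2/m2_pcap

cp -fr pcap2msc /usr/local/bin
chmod +x /usr/local/bin/pcap2msc

# Cron job: must not be executable or writable by others, otherwise cron ignores it.
cp -fr m2_pcap_tshark_control /etc/cron.d
chmod 0644 /etc/cron.d/m2_pcap_tshark_control
service crond restart &> /dev/null

# now handled by m2_global_logrotate
#add_logrotate_if_not_present "/var/log/m2/m2_pcap_tshark_control.log" "m2_pcap_tshark_control" 3 "copytruncate"
#add_logrotate_if_not_present "/var/log/m2/m2_pcap_tshark.log" "m2_pcap_tshark" 3

#######################################
# Configuration: disable the legacy pcapsipdump capture and seed the
# pcap_tshark_* defaults without overwriting existing settings.
#######################################
mkdir -p /etc/m2
config="/etc/m2/system.conf"
[[ ! -e "$config" ]] && touch "$config"

sed -i 's#pcap_enabled\s*=\s*1#pcap_enabled=0#' "$config"
pkill pcapsipdump &> /dev/null
sleep 1
pkill -9 pcapsipdump &> /dev/null

#######################################
# Append the given line(s) to $config unless the key already appears in it.
# Globals:   config (read)
# Arguments: $1 - key to look for (fixed-string match)
#            $2.. - lines to append verbatim when the key is absent
#######################################
ensure_conf_line() {
  local key=$1
  shift
  grep -Fq -- "$key" "$config" || printf '%s\n' "$@" >> "$config"
}

ensure_conf_line 'pcap_tshark_active' "" "pcap_tshark_active = 1"
ensure_conf_line 'pcap_tshark_show_all_b_legs' "pcap_tshark_show_all_b_legs = 1"
ensure_conf_line 'pcap_tshark_search_threshold' "pcap_tshark_search_threshold = 10"
ensure_conf_line 'pcap_tshark_compress' "pcap_tshark_compress = 1"
ensure_conf_line 'pcap_tshark_pcaps_count' "pcap_tshark_pcaps_count = 2000"
ensure_conf_line 'pcap_tshark_pcap_size' "pcap_tshark_pcap_size = 10"
ensure_conf_line 'pcap_tshark_capture_directory' "pcap_tshark_capture_directory=/var/spool/pcaps"
ensure_conf_line 'pcap_tshark_net_interface' "pcap_tshark_net_interface=any"
ensure_conf_line 'pcap_tshark_search_all_files' "pcap_tshark_search_all_files = 1"
ensure_conf_line 'pcap_tshark_search_limit_all_files' "pcap_tshark_search_limit_all_files = 30"

# Symlinks for /usr/bin/xxx -> /usr/sbin/xxx
for tool in tcpdump capinfos tshark mergecap; do
  if [ ! -e "/usr/sbin/$tool" ] && [ -e "/usr/bin/$tool" ]; then
    ln -s "/usr/bin/$tool" "/usr/sbin/$tool"
  fi
done

if ! grep -Fq dbhost "$config"; then
  report "DB details are not configured in $config. Please configure them before using pcap" 2
fi

k_exit "$EXIT_CODE"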