#!/bin/bash
# =============================================================================
# Linux Security Hardening Script for Debian/Ubuntu
# =============================================================================

# Script version
VERSION="1.0.0"

# Set script directory
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

# Source common functions and variables
source "$SCRIPT_DIR/common.sh"

# Ensure the script is run as root
if [ "$EUID" -ne 0 ]; then
  echo " * This script must be run with sudo privileges."
  echo " * Please run it again using: sudo $0"
  echo 

  exit 1
fi

# Check if the system is Debian or Ubuntu
if ! grep -q -E "Debian|Ubuntu" /etc/issue && ! grep -q -E "Debian|Ubuntu" /etc/os-release; then
  echo "This script is designed for Debian or Ubuntu systems only."

  exit 1
fi

# Create necessary directories
create_directories

# Display banner
display_banner

# Display OS information
display_os_info

# Main execution
log_message "INFO" "Starting security hardening process"

# Initialize progress
TOTAL_STEPS=14
CURRENT_STEP=0

# Update and configure package management
$SCRIPT_DIR/modules/package_management.sh "Configuring package management"

# Configure SSH
$SCRIPT_DIR/modules/ssh_hardening.sh "Hardening SSH configuration"

# Configure firewall
$SCRIPT_DIR/modules/firewall.sh "Configuring firewall rules"

# Setup fail2ban
$SCRIPT_DIR/modules/fail2ban.sh "Setting up fail2ban"

# Configure system auditing
$SCRIPT_DIR/modules/auditing.sh "Configuring system auditing"

# Setup DNS
$SCRIPT_DIR/modules/dns_config.sh "Configuring DNS settings"

# Configure NTP
$SCRIPT_DIR/modules/ntp.sh "Configuring NTP"

# Setup automatic updates
$SCRIPT_DIR/modules/auto_updates.sh "Setting up automatic updates"

# Install and configure ClamAV
$SCRIPT_DIR/modules/antivirus.sh "Installing and configuring ClamAV"

# Setup custom prompt
$SCRIPT_DIR/modules/custom_prompt.sh "Setting up custom system prompt"

# Install GLPI agent
$SCRIPT_DIR/modules/glpi_agent.sh "Installing GLPI agent"

# Install Wazuh agent
$SCRIPT_DIR/modules/wazuh_agent.sh "Installing Wazuh agent"

# Setup monitoring (SNMP and NRPE)
$SCRIPT_DIR/modules/monitoring.sh "Setting up monitoring services"

# Apply additional security measures
$SCRIPT_DIR/modules/additional_hardening.sh "Applying additional security measures"

# Display completion message
echo
log_message "SUCCESS" "Security hardening completed successfully!"
echo "Log file available at: $LOG_FILE"
echo "System backup files stored at: $BACKUP_DIR"
echo

exit 0