<?php

Configure::set('display', true);
Configure::set('logfile', true);

$options = cGetOpt(["updates"]);
$updates = $options['updates'] ?? "no";

Configure::set('remove_users', [
    'shutdown', 'halt', 'games', 'operator',
    'ftp', 'news', 'gopher',
]); 

force_root();

display(getTermColors("Deleteing unused user accounts", ['color'=>'blue']));
$remove_users = Configure::get('remove_users');
if (is_array($remove_users)) {
    foreach($remove_users as $del_user) {
        doCommand('userdel', $del_user);
    }
}
display(getTermColors("Removing old un-needed programs", ['color'=>'blue']));
doCommand('purge', "xinetd nis yp-tools tftpd atftpd tftpd-hpa telnetd rsh-server rsh-redone-server");

if ($updates === "yes") {
    display("Full updates and unattended-upgrades");
    doCommand('full_update');
    doCommand('install', "unattended-upgrades");
    doCommand('systemctl', "unattended-upgrades", "start");
    doCommand('systemctl', "unattended-upgrades", "enable");
}
    
display(getTermColors("List services", ['color'=>'blue']));
exec(neato::get_bin . 'systemctl list-unit-files --type=service', $output, $exit_code);
display($output);
unset($output);

display(getTermColors("Verify no Accounts have Empty passwords", ['color'=>'blue']));
exec(neato::get_bin . 'awk -F: \'($2 == "") {print}\' /etc/shadow', $output, $exit_code);
if (count($output) > 0) {
    display(getTermColors($output, ['color'=>'red']));
} else {
    display(getTermColors("All accounts have passwords.", ['color'=>'green']));
}
unset($output);

display(getTermColors("Make sure No Non-Root accounts have UID set to 0", ['color'=>'blue']));
exec(neato::get_bin . 'awk -F: \'($3 == "0") {print}\' /etc/passwd', $output, $exit_code);
if (count($output) > 1) {
    display(getTermColors($output, ['color'=>'red']));
} else {
    display(getTermColors("All accounts are normal.", ['color'=>'green']));
}
unset($output);

display(getTermColors("World Writable files", ['color'=>'blue']));
exec(neato::get_bin . 'find / -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print', $output, $exit_code);
if (count($output) > 0) {
    display(getTermColors($output, ['color'=>'red']));
} else {
    display(getTermColors("No world writable files exists.", ['color'=>'green']));
}
unset($output);

display(getTermColors("No-owner Files", ['color'=>'blue']));
exec(neato::get_bin . 'find / -xdev \( -nouser -o -nogroup \) -print', $output, $exit_code);
if (count($output) > 0) {
    display(getTermColors($output, ['color'=>'red']));
} else {
    display(getTermColors("All files have owner-ship.", ['color'=>'green']));
}
unset($output);

display(getTermColors("Unwanted SUID and SGID bins", ['color'=>'blue']));
exec(neato::get_bin . 'find / \( -perm -4000 -o -perm -2000 \) -print', $output, $exit_code);
if (count($output) > 0) {
    display(getTermColors($output, ['color'=>'red']));
} else {
    display(getTermColors("No sticky bits found.", ['color'=>'green']));
}
unset($output);