#!/bin/bash
# =========================================================
# AlmaLinux Internal Host Server Checklist Report
# =========================================================

REPORT_DATE=$(date '+%Y-%m-%d %H:%M:%S')
HOSTNAME=$(hostname)

# =========================================================
# OS Information
# =========================================================

if [ -f /etc/os-release ]; then
    . /etc/os-release
    OS_NAME="$PRETTY_NAME"
else
    OS_NAME=$(cat /etc/redhat-release 2>/dev/null)
fi

# =========================================================
# Helper Function
# =========================================================

print_row() {
    printf "%-35s %-70s %-22s\n" "$1" "$2" "$3"
}

# =========================================================
# Header
# =========================================================

echo "========================================================================================================================"
echo " AlmaLinux Internal Host Server Checklist Report"
echo "========================================================================================================================"
echo "Hostname      : $HOSTNAME"
echo "OS            : $OS_NAME"
echo "Generated On  : $REPORT_DATE"
echo ""

# =========================================================
# Kernel Check
# =========================================================

CURRENT_KERNEL=$(rpm -q kernel-core | sort | tail -n1)

KERNEL_UPDATE=$(dnf check-update kernel-core 2>/dev/null | grep kernel-core | tail -n1 | awk '{print $1}')

if [ -z "$KERNEL_UPDATE" ]; then
    KERNEL_STATUS="UP TO DATE"
else
    KERNEL_STATUS="UPDATE AVAILABLE"
fi

# =========================================================
# Firewall Check
# =========================================================

FIREWALL_NAME="-"
FIREWALL_VERSION="-"
FIREWALL_STATUS="NOT INSTALLED"

if rpm -q firewalld >/dev/null 2>&1; then

    FIREWALL_NAME="firewalld"

    FIREWALL_VERSION=$(rpm -q firewalld --queryformat '%{VERSION}-%{RELEASE}\n')

    FW_UPDATE=$(dnf check-update firewalld 2>/dev/null | grep firewalld)

    if [ -z "$FW_UPDATE" ]; then
        FIREWALL_STATUS="UP TO DATE"
    else
        FIREWALL_STATUS="UPDATE AVAILABLE"
    fi

elif rpm -q csf >/dev/null 2>&1; then

    FIREWALL_NAME="CSF"

    FIREWALL_VERSION=$(csf -v 2>/dev/null | head -n1)

    FIREWALL_STATUS="INSTALLED"

elif rpm -q nftables >/dev/null 2>&1; then

    FIREWALL_NAME="nftables"

    FIREWALL_VERSION=$(rpm -q nftables --queryformat '%{VERSION}-%{RELEASE}\n')

    FIREWALL_STATUS="INSTALLED"
fi

# =========================================================
# Acronis Check
# =========================================================

ACRONIS_VERSION="-"
ACRONIS_STATUS="NOT INSTALLED"

# Detect Acronis service
if systemctl list-units --type=service --all | grep -iq acronis_mms; then

    ACRONIS_STATUS="INSTALLED"

    # Try to get RPM package
    ACRONIS_PKG=$(rpm -qa | grep -Ei 'acronis|backup.*recovery' | head -n1)

    if [ -n "$ACRONIS_PKG" ]; then

        ACRONIS_VERSION="$ACRONIS_PKG"

    else

        # Fallback method from binary version
        if [ -f /usr/lib/Acronis/BackupAndRecovery/mms ]; then

            MMS_VERSION=$(/usr/lib/Acronis/BackupAndRecovery/mms --version 2>/dev/null | head -n1)

            if [ -n "$MMS_VERSION" ]; then
                ACRONIS_VERSION="$MMS_VERSION"
            else
                ACRONIS_VERSION="Acronis Service Detected"
            fi

        else
            ACRONIS_VERSION="Acronis Service Detected"
        fi
    fi
fi

# =========================================================
# SentinelOne Check
# =========================================================

S1_VERSION="-"
S1_STATUS="NOT INSTALLED"

S1_PKG=$(rpm -qa | grep -Ei 'SentinelAgent|sentinelone|s1-agent' | head -n1)

if [ -n "$S1_PKG" ]; then
    S1_STATUS="INSTALLED"
    S1_VERSION="$S1_PKG"
fi

# =========================================================
# EDR/XDR Check
# =========================================================

EDR_VERSION="-"
EDR_STATUS="NOT INSTALLED"

EDR_PKG=$(rpm -qa | grep -Ei \
'crowdstrike|falcon|cylance|carbonblack|cbagent|trend|defender|sophos|eset|mcafee|trellix|symantec|kaspersky|edr|xdr' \
| head -n1)

if [ -n "$EDR_PKG" ]; then
    EDR_STATUS="INSTALLED"
    EDR_VERSION="$EDR_PKG"
fi

# =========================================================
# Final Checklist Table
# =========================================================

echo "========================================================================================================================"
echo " FINAL SERVER CHECKLIST"
echo "========================================================================================================================"

print_row "ITEM" "VERSION" "STATUS"

echo "------------------------------------------------------------------------------------------------------------------------"

print_row "Kernel Status" "$CURRENT_KERNEL" "$KERNEL_STATUS"

print_row "Firewall ($FIREWALL_NAME)" "$FIREWALL_VERSION" "$FIREWALL_STATUS"

print_row "Acronis Installed" "$ACRONIS_VERSION" "$ACRONIS_STATUS"

print_row "SentinelOne" "$S1_VERSION" "$S1_STATUS"

print_row "EDR/XDR Detected" "$EDR_VERSION" "$EDR_STATUS"

echo "========================================================================================================================"