#!/bin/bash

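function version_is_supported() {
    #
    # Check whether the running Ubuntu release is still within its support
    # window. Dates are a hard-coded snapshot of https://endoflife.date/ubuntu
    #
    # Outputs: two syslog lines via logger at most (unknown release, verdict)
    # Returns: 0 if the release is known and its end-of-support date is still
    #          in the future, 1 otherwise
    #
    # Releases missing from the table (including ones newer than this
    # snapshot) are reported as unsupported, so the check fails closed until
    # the table is updated.
    #
    local today os_version expiration_date res

    today=$(date +"%Y-%m-%d")
    os_version=$(lsb_release -r | awk '{print $2}')
    case "$os_version" in
        18.04)
            expiration_date="2023-05-31"
            ;;
        20.04)
            expiration_date="2025-04-02"
            ;;
        22.04)
            expiration_date="2027-04-01"
            ;;
        22.10)
            # Interim release with nine months of support: it went end of
            # life on 2023-07-20. The previous value (2027-06-20) let an
            # unpatched release pass this check.
            expiration_date="2023-07-20"
            ;;
        *)
            # Also reached when lsb_release is missing or prints nothing.
            expiration_date=""
            logger INFO "The version $os_version is not supported."
            ;;
    esac

    # ISO dates (YYYY-MM-DD) sort lexicographically, so a string comparison
    # is enough here.
    if [[ -n $expiration_date && $expiration_date > $today ]]; then
        res=0
    else
        res=1
    fi
    logger INFO "Version supported? $res"
    return $res
}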

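function system_is_up_to_date() {
    #
    # Check whether apt recorded a transaction within the last 30 days.
    #
    # Outputs: syslog lines via logger
    # Returns: 0 if the newest Start-Date entry in the apt history log is at
    #          most 30 days old, 1 otherwise (including when no usable entry
    #          is found)
    #
    # NOTE(review): a Start-Date entry is written for any apt transaction, so
    # a recent entry shows that apt ran, not that every pending update was
    # applied. Only the current history.log is read; rotated logs are not
    # consulted, so a freshly rotated (empty) log is reported as not updated.
    #
    local -r max_days=30
    local -r apt_log=/var/log/apt/history.log
    local now last_stamp last_update days_since_last_update res

    logger INFO "Checking if the system is up to date..."

    now=$(date +"%s")
    # Second space-separated field of the last "Start-Date: YYYY-MM-DD  HH:MM:SS" line.
    last_stamp=$(grep Start-Date "$apt_log" | tail -1 | cut -f 2 -d ' ')

    # Fail closed: GNU date turns an empty string into today's midnight, so a
    # missing or empty log used to be reported as "updated today".
    if [[ -z $last_stamp ]] || ! last_update=$(date -d "$last_stamp" +"%s"); then
        logger INFO "No usable Start-Date entry in $apt_log, Updated? 1"
        return 1
    fi

    days_since_last_update=$(( (now - last_update) / 86400 ))
    if (( days_since_last_update > max_days )); then
        res=1
    else
        res=0
    fi
    logger INFO "Days since last update: $days_since_last_update, Updated? $res"
    return $res
}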

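function firewall_is_enabled() {
    #
    # Check whether ufw reports the firewall as active.
    #
    # Outputs: one syslog line via logger with the status word that was read
    # Returns: 0 if the status is "active", 1 otherwise (including when no
    #          status line could be read)
    #
    # NOTE(review): ufw normally refuses to report status to non-root users;
    # in that case nothing is parsed and the check fails closed.
    #
    local firewall_status res=1

    # ufw output is translated, so pin the C locale: otherwise the
    # "Status: active" line is never matched on a localized system.
    firewall_status=$(LC_ALL=C ufw status | awk '/^Status:/ {print $2; exit}')
    if [[ $firewall_status == "active" ]]; then
        res=0
    fi
    logger INFO "Firewall status: $firewall_status"
    return $res
}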

function globalprotect_installed() {
    #
    # Report whether the GlobalProtect client binary exists on disk.
    #
    # Outputs: one syslog line via logger with the verdict
    # Returns: 0 if the client binary is a regular file, 1 otherwise
    #
    # Only the presence of the file is tested; whether the client is running
    # or connected is not checked here.
    #
    local -r client_binary=/opt/paloaltonetworks/globalprotect/globalprotect

    # Assume "not installed" until the binary is found.
    res=1
    [[ -f $client_binary ]] && res=0

    logger INFO "GlobalProtect installed? $res"
    return $res
}

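function check_full_disk_encryption_enabled() {
    #
    # Check whether the machine has at least one encrypted volume configured
    # in /etc/crypttab.
    #
    # Globals: VIRTUAL (read) - any non-empty value skips the check
    # Outputs: one syslog line via logger
    # Returns: 0 if the check is bypassed or /etc/crypttab holds an entry,
    #          1 otherwise
    #
    # NOTE(review): the bypass trusts whatever set VIRTUAL. If it can come
    # from the caller's environment, any non-empty value disables this check;
    # confirm it is derived from a real virtualization probe.
    #
    local res

    if [[ -n "${VIRTUAL:-}" ]]; then
        logger INFO "Running in a virtual machine. Full disk encryption bypassed."
        return 0
    fi

    # The file alone proves nothing: it can exist with only its comment
    # header on an unencrypted machine. Require at least one line that is
    # neither blank nor a comment. A missing file makes grep fail, which
    # also counts as "not enabled".
    # NOTE(review): an entry shows that some volume is encrypted, not
    # necessarily the root filesystem.
    if grep -Eqv '^[[:space:]]*(#|$)' /etc/crypttab 2>/dev/null; then
        res=0
    else
        res=1
    fi
    logger INFO "Full disk encryption enabled? $res"
    return $res
}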

function check_all() {
    #
    # Run every compliance check in order and stop at the first failure.
    #
    # Returns: 0 if all checks pass, otherwise the status of the first check
    #          that failed (later checks are not run)
    #
    local check
    for check in \
        version_is_supported \
        system_is_up_to_date \
        firewall_is_enabled \
        globalprotect_installed \
        check_full_disk_encryption_enabled
    do
        "$check" || return $?
    done
    return 0
}