#!/bin/bash

source "/etc/asl/config"
export LANG="en_US.UTF-8"
WAIT=$(echo $RANDOM | cut -c1-3)


if [ "$CONFIGURED" ==  "yes" ]; then
  # determine actual retention in days to use
  RET_DAYS=$HIDS_CLEAN_DIFF
  RET_DAYS_MODSEC=$MODSEC_CLEAN_ALERT
  if [ "$RETENTION_USE_CONSOLIDATED" == "yes" ]; then
    arr=($RETENTION_CONSOLIDATED)
    s_value=${arr[0]}
    s_period=${arr[1]}

    if [ "$s_period" == "month" ] || [ "$s_period" == "months" ]; then
      RET_DAYS=$((s_value * 30))
      RET_DAYS_MODSEC=$RET_DAYS
    elif [ "$s_period" == "year" ] || [ "$s_period" == "years" ]; then
      RET_DAYS=$((s_value * 365))
      RET_DAYS_MODSEC=$RET_DAYS
    elif [ "$s_period" == "day" ] || [ "$s_period" == "days" ]; then
      RET_DAYS=$s_value
      RET_DAYS_MODSEC=$RET_DAYS
    fi
  fi

  # Automatic Updates
  if [ "$AUTOMATIC_UPDATES" ==  "daily" ]; then
        sleep $WAIT
	/var/asl/bin/aum -u >/dev/null 2>&1
  fi

  # Clear old alerts
  #if [ $MODSEC_CLEAN_ALERT -gt 0 ]; then
  if [ $RET_DAYS_MODSEC -gt 0 ]; then
     /usr/bin/find /var/asl/data/audit/ -maxdepth 2 \
	-type d -ctime +$RET_DAYS_MODSEC -exec /bin/rm -rf {} \; >/dev/null 2>&1
  fi

  # Clean old updates
  /usr/bin/find /var/asl/updates -maxdepth 1 \
	-type f -ctime +7 -exec /bin/rm -f {} \; >/dev/null 2>&1

  # Clean old state files
  if [ -d /var/ossec/queue/diff ]; then
  	/usr/bin/find /var/ossec/queue/diff/*/533 -maxdepth 1  -type f -ctime +1 -exec /bin/rm -f {} \; >/dev/null 2>&1
  	#/usr/bin/find /var/ossec/queue/diff/* -name state* -type f -ctime +$HIDS_CLEAN_DIFF -exec /bin/rm -f {} \; >/dev/null 2>&1
  	/usr/bin/find /var/ossec/queue/diff/* -name state* -type f -ctime +$RET_DAYS -exec /bin/rm -f {} \; >/dev/null 2>&1
  	#/usr/bin/find /var/ossec/queue/diff/* -name diff* -type f -ctime +$HIDS_CLEAN_DIFF -exec /bin/rm -f {} \; >/dev/null 2>&1
  	/usr/bin/find /var/ossec/queue/diff/* -name diff* -type f -ctime +$RET_DAYS -exec /bin/rm -f {} \; >/dev/null 2>&1
  fi

  # Clean > RETENTION_MAX_RBC_COUNT
  /var/asl/bin/asl --rbc_clean >/dev/null 2>&1

  # Clean old rbc files
  if [ -d /var/asl/rbc ]; then
    /usr/bin/find /var/asl/rbc/* -type f -ctime +$RET_DAYS -exec /bin/rm -f {} \; >/dev/null 2>&1
  fi



  # Clean old malware scan reports
  #/usr/bin/find  /var/asl/reports -name *.log type f -ctime +$HIDS_CLEAN_DIFF -exec /bin/rm -f {} \; >/dev/null 2>&1
  /usr/bin/find  /var/asl/reports -name *.log type f -ctime +$RET_DAYS -exec /bin/rm -f {} \; >/dev/null 2>&1

  # Run DB rotate script
  if [ -f /var/asl/bin/asl_db_rotate ]; then
  	/var/asl/bin/asl_db_rotate >/dev/null 2>&1
  fi


  # Purge Logs
  if [[ "$PURGE_LOGS" != "no" ]] && [[ "$PURGE_LOGS" != "-1" ]]; then
	DAYS=$PURGE_LOGS
	# Alerts
        /usr/bin/find /var/ossec/logs/alerts/ -name \*gz -type f -ctime +$DAYS -exec /bin/rm -f {} \;
        /usr/bin/find /var/ossec/logs/alerts/ -name \*sum -type f -ctime +$DAYS -exec /bin/rm -f {} \;

	# Archives
	/usr/bin/find /var/ossec/logs/archives/ -name \*gz -type f -ctime +$DAYS -exec /bin/rm -f {} \;
	/usr/bin/find /var/ossec/logs/archives/ -name \*sum -type f -ctime +$DAYS -exec /bin/rm -f {} \;
  fi

  # Run rep report
  if [ "$REPUTATION_REPORT" == "yes" ]; then
  	if [ "$REPUTATION_FREQUENCY" == "daily" ]; then
		/var/asl/bin/asl --rep_report >/dev/null 2>&1
	fi
  fi

  # Run ASL housekeeping
  /var/asl/bin/asl --housekeeping >/dev/null 2>&1
  
else
  echo "Error: ASL has not been configured"
  exit 1
fi

