#!/bin/bash



###   CONFIG BEGIN   ###

# Folder to save snaps in
SNAP_FOLDER=~/server_states

# Array with files to snapshot
declare -a CFGBKP=(
	"/etc/hosts"
)

# Bash color definitions
C1='\033[00;97m'	# white
C2='\033[00;95m'	# light magenta
RST='\033[0m'

###   CONFIG END   ###



# print color message
function msg() {
        echo -e "\n$C2 * $C1$1$RST"
}

# print section
function section() {
	declare -i X1 X2 X3 WIDTH
	WIDTH=60                # total width
	X2=${#1}+2            # length of $foo and 2 whitespaces
	X1=(WIDTH-X2)/2            # length of first part
	X3=$WIDTH-X1-X2         # length of last part
	echo -e "$C1"
	for ((i=1;i<=$X1;i++)); do echo -n "+"; done
	echo -en " $C2$1$C1 +++ (\033[31m missing $C1/\033[32m new$C1 ) "
	for ((i=1;i<=$X3;i++)); do echo -n "+"; done
	echo -e "$RST"
}

# colorify diff output
function colorFilter {
	awk '/^>/ { print "\033[31m"$0"\033[0m"; } /^</ { print "\033[32m"$0"\033[0m"; }'
}

# print and format unique processes names
function procList {
	ps aux | awk '{ print $11 }' | sort | uniq | egrep -v '^\['
}

# print and format opened TCP/UDP ports and process names
function portList {
	#netstat -lpn | egrep "(tcp.*LISTEN|udp)" | sort | uniq | awk '{split($NF,arr,"/"); print $1 "   " $4 "   " arr[2]}'
	ss -lpn | egrep "(tcp.*LISTEN|udp)" | sort | uniq | awk '{split($NF,arr,"\""); print $1 "   " $5 "   " arr[2]}' | column -t
}

# print firewall rules (standard + NAT table)
function firewallRules {
	(/sbin/iptables -L -n; echo -e "\n#NAT\n";  /sbin/iptables -L -nt nat)
}

# print routing table
function routingTable {
	/sbin/ip route
}

# make status snap
function makeSnap {
	FOLDER=$SNAP_FOLDER/state_$(date '+%Y%m%d_%H%M%S')
	mkdir -p $FOLDER
	procList > $FOLDER/ps.out
	portList > $FOLDER/netstat.out
	firewallRules > $FOLDER/iptables.out
	/sbin/iptables-save > $FOLDER/iptables-save.out
	mount > $FOLDER/mount.out
	routingTable > $FOLDER/routing.out
        for i in "${CFGBKP[@]}"
        do
		DIR=$(dirname "${i}")
		mkdir -p "$FOLDER/cfg$DIR"
		cp "$i" "$FOLDER/cfg$i"
        done
	msg "Written state snapshot to $FOLDER"
}

# comapring states to previous snap
function compare {
	FOLDER=$SNAP_FOLDER/$(ls ~/server_states/ | tail -n 1)
	msg "Comparing with snap $FOLDER"
	section "Proccesses diff"; procList | diff - $FOLDER/ps.out | colorFilter
	section "Opened ports diff"; portList | diff - $FOLDER/netstat.out | colorFilter
	section "Firewall rules diff"; firewallRules | diff - $FOLDER/iptables.out | colorFilter
	section "Mounts diff"; mount | diff - $FOLDER/mount.out | colorFilter
	section "Routing table diff"; routingTable | diff - $FOLDER/routing.out | colorFilter
        for FILE in "${CFGBKP[@]}"
        do
		section "$FILE diff"; diff "$FILE" "$FOLDER/cfg$FILE" | colorFilter
        done
}

# Checking if root privileges
function nonRootExit {
	if [[ $EUID -ne 0 ]]; then
		msg "This command must be run as root"
		exit 1
	fi
}

# Printing help
function printHelp {
	echo -e "Usage: $0 [command]...\n"
	printf "   $C1%-6s$RST %s\n" "snap" "- Make server status snapshot"
	printf "   $C1%-6s$RST %s\n" "diff" "- Make a diff comparison against latest snapshot"
	printf "   $C1%-6s$RST %s\n\n" "clear" "- Delete all previous snapshots"
	exit 0;
}

# Print help if no arguments
if [ $# -lt 1 ]; then
	printHelp
fi

# Program starts here
case $1 in
	diff)
	nonRootExit
	compare
	;;
	snap)
	nonRootExit
	makeSnap
	;;
	clear)
	rm -r $SNAP_FOLDER/*
	;;
	*)
	msg "Unrecognised command. Run \"$0 help\" to view help."
	;;
esac