#!/bin/bash
# wsdiag: collect system info

dir=/tmp/wsdiag.$$

opt=/opt/f-secure
etc=/etc/opt/f-secure
var=/var/opt/f-secure

guts=guts2.sp.f-secure.com

usage() {
    echo "usage: wsdiag" 1>&2
    exit 1
}

fatal() {
    echo $* 1>&2
    exit 1
}

logprog() {
    echo "# $@"
    "$@" 2>&1
    echo
}

cleanup() {
    rm -rf "$dir"
}

while getopts ":" o; do
    case "$o" in
    *)  usage   ;;
    esac
done

shift $((OPTIND-1))

case $# in
0)          ;;
*)  usage   ;;
esac

trap cleanup 0

mkdir "$dir" || fatal "can't mkdir $dir: $?"

for i in "$opt" "$etc" "$var"; do
    j=$i
    until test "$j" = "/"; do
        logprog ls -Zdils "$j" >>"$dir"/ls
        j=$(dirname "$j")
    done
done

>>"$dir"/ls         logprog ls -Zdils /
>>"$dir"/ls         logprog find "$opt" "$etc" "$var" -exec ls -Zdils '{}' \;

>>"$dir"/sysinfo    logprog date -Iseconds
>>"$dir"/sysinfo    logprog uname -a

for i in /etc/*release /etc/*version; do
    >>"$dir"/sysinfo    logprog cat "$i"
done

>>"$dir"/sysinfo    logprog uptime
>>"$dir"/sysinfo    logprog ps auxf
>>"$dir"/sysinfo    logprog top -b -n 1
>>"$dir"/sysinfo    logprog free
>>"$dir"/sysinfo    logprog df
>>"$dir"/sysinfo    logprog mount
>>"$dir"/sysinfo    logprog cat /proc/cpuinfo

>>"$dir"/net        logprog ip a
>>"$dir"/net        logprog ip r
>>"$dir"/net        logprog ss -anp
>>"$dir"/net        logprog iptables -L -vnx

>>"$dir"/selinux    logprog sestatus
>>"$dir"/selinux    logprog getenforce
>>"$dir"/selinux    logprog semanage fcontext -C -l
>>"$dir"/selinux    logprog semodule -lfull

>>"$dir"/dmesg      logprog dmesg -T
>>"$dir"/journal    logprog journalctl -n 100000 -o short-iso
>>"$dir"/messages   logprog tail -n 100000 /var/log/messages

>>"$dir"/dpkg       logprog dpkg -l
>>"$dir"/rpm        logprog rpm -qa
>>"$dir"/lsof       logprog lsof

>>"$dir"/status     logprog systemctl -l status \
                    $(2>/dev/null basename -a \
                    $(grep -ls f-secure /usr/lib/systemd/system/*))

>>"$dir"/guts2      logprog getent ahosts "$guts"
>>"$dir"/guts2      logprog ping -c 5 "$guts"
>>"$dir"/guts2      logprog curl -i https://"$guts"

>>"$dir"/env        logprog umask
>>"$dir"/env        logprog ulimit -a
>>"$dir"/env        logprog set

for diag in "$opt"/atlant/bin/fsdiag.sh \
            "$opt"/atlant/atlant/bin/fsdiag.sh \
            "$opt"/linuxsecurity/bin/fsdiag.sh \
            "$opt"/mdr/mdr/bin/fsdiag; do
    test -x "$diag" &&
    tgz=$("$diag") &&
    tar xzf "$tgz" -C "$dir" &&
    rm -f "$tgz"
done

for diag in /opt/f-secure/fspmc/fsdiag \
            /opt/f-secure/fspms/bin/fsdiag; do
    test -x "$diag" &&
    cd "$dir" &&
    echo | logprog "$diag" >>"$dir"/pmdiag &&
    test -r fsdiag.tar.gz &&
    tar xzf fsdiag.tar.gz &&
    rm -f fsdiag.tar.gz
done

tar czf "$dir.tgz" -C "$(dirname "$dir")" "$(basename "$dir")" ||
    fatal "can't tar czf $dir.tgz $(basename "$dir"): $?"
rm -rf "$dir" ||
    fatal "can't rm -rf $dir: $?"
echo "$dir.tgz"
exit 0
